On 06/23/2016 07:16 AM, Pablo Neira Ayuso wrote:
> On Wed, Jun 01, 2016 at 08:11:38PM -0400, Vishwanath Pai wrote:
>> +static void
>> +cfg_copy(struct hashlimit_cfg2 *to, void *from, int revision)
>> +{
>> + if (revision == 1) {
>> + struct hashlimit_cfg1 *cfg = (struct hashlimit_cfg1 *)from;
>> +
>> + to->mode = cfg->mode;
>> + to->avg = cfg->avg;
>> + to->burst = cfg->burst;
>> + to->size = cfg->size;
>> + to->max = cfg->max;
>> + to->gc_interval = cfg->gc_interval;
>> + to->expire = cfg->expire;
>> + to->srcmask = cfg->srcmask;
>> + to->dstmask = cfg->dstmask;
>> + } else if (revision == 2) {
>> + memcpy(to, from, sizeof(struct hashlimit_cfg2));
>> + } else {
>> + BUG();
>
> BUG here is probably too much, this halts the system. I can see we
> only use this somewhere else in this code. Instead, I'd suggest you
> propagate an error back to userspace if this ever happen.
>
> I would like to see if this spots any problem with our test
> infrastructure under iptables/.
>
> Thanks.
>
copy_cfg is only used internally by the kernel module and the value for
revision is passed to the function by the module itself and not from
userspace. I will remove BUG() and propagate the error back to the
caller, will send a v2.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
