On Fri, Dec 28, 2018 at 11:27:47PM +0100, Florent Fourcot wrote: > One of the memset call is buggy: it does not erase full array, but only > pointer size. > Moreover, after a check, first step of nla_parse_nested/nla_parse is to > erase tb array as well. We can remove both calls safely. Please, add Signed-off-by tag and resubmit, thanks. > --- > net/netfilter/ipset/ip_set_core.c | 2 -- > 1 file changed, 2 deletions(-) > > diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c > index 45a257695bef..c1513e590a27 100644 > --- a/net/netfilter/ipset/ip_set_core.c > +++ b/net/netfilter/ipset/ip_set_core.c > @@ -1602,7 +1602,6 @@ static int ip_set_uadd(struct net *net, struct sock *ctnl, struct sk_buff *skb, > int nla_rem; > > nla_for_each_nested(nla, attr[IPSET_ATTR_ADT], nla_rem) { > - memset(tb, 0, sizeof(tb)); > if (nla_type(nla) != IPSET_ATTR_DATA || > !flag_nested(nla) || > nla_parse_nested(tb, IPSET_ATTR_ADT_MAX, nla, > @@ -1657,7 +1656,6 @@ static int ip_set_udel(struct net *net, struct sock *ctnl, struct sk_buff *skb, > int nla_rem; > > nla_for_each_nested(nla, attr[IPSET_ATTR_ADT], nla_rem) { > - memset(tb, 0, sizeof(*tb)); > if (nla_type(nla) != IPSET_ATTR_DATA || > !flag_nested(nla) || > nla_parse_nested(tb, IPSET_ATTR_ADT_MAX, nla, > -- > 2.11.0 >
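Review bot: In the ip_set_uadd hunk, nla_parse_nested() is the last operand of the || chain, so with the memset gone tb is cleared only when the nla_type(nla) and flag_nested(nla) checks have both passed. Please confirm that the branch taken when one of those first two checks fails never reads tb, and say so in the commit message next to the statement that the parser erases the array. The call removed here used sizeof(tb), so per the description it is the redundant one rather than the buggy one; naming the function for each case would make the log easier to follow.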
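Review bot: In the ip_set_udel hunk, the removed memset(tb, 0, sizeof(*tb)) is the call the commit message describes as buggy, but the message names neither the function nor the expression. sizeof(*tb) is the size of one element of tb, so only the first entry was cleared on each iteration. Spelling that out, and adding that the nla_parse_nested() call in the same condition clears the whole table before any entry is used (as the description already claims), would make it clear to anyone triaging this for backport that the change is a cleanup with no behaviour change.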