The comparison seclen >= 0 in net/netfilter/nfnetlink_queue.c is redundant because seclen is an unsigned value, and such comparisons are always true. This patch removes the unnecessary comparison replacing it with just 'greater than' Discovered in coverity, CID 1602243 Signed-off-by: Karol Przybylski <karprzy7@xxxxxxxxx> --- net/netfilter/nfnetlink_queue.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c index 5110f29b2..eacb34ffb 100644 --- a/net/netfilter/nfnetlink_queue.c +++ b/net/netfilter/nfnetlink_queue.c @@ -643,7 +643,7 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, if ((queue->flags & NFQA_CFG_F_SECCTX) && entskb->sk) { seclen = nfqnl_get_sk_secctx(entskb, &ctx); - if (seclen >= 0) + if (seclen > 0) size += nla_total_size(seclen); } @@ -810,7 +810,7 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, } nlh->nlmsg_len = skb->len; - if (seclen >= 0) + if (seclen > 0) security_release_secctx(&ctx); return skb; @@ -819,7 +819,7 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, kfree_skb(skb); net_err_ratelimited("nf_queue: error creating packet message\n"); nlmsg_failure: - if (seclen >= 0) + if (seclen > 0) security_release_secctx(&ctx); return NULL; } -- 2.34.1