| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <1631756916-3759083-1-git-send-email-jiasheng@iscas.ac.cn>
Date: Thu, 16 Sep 2021 01:48:36 +0000
From: Jiasheng Jiang <jiasheng@...as.ac.cn>
To: pshelar@....org, davem@...emloft.net, kuba@...nel.org
Cc: netdev@...r.kernel.org, dev@...nvswitch.org,
linux-kernel@...r.kernel.org, Jiasheng Jiang <jiasheng@...as.ac.cn>
Subject: [PATCH] openvswitch: Fix condition check by using nla_ok()
Just using 'rem > 0' might be unsafe, so it's better
to use the nla_ok() instead.
Because we can see from the nla_next() that
'*remaining' might be smaller than 'totlen'. And nla_ok()
will avoid it happening.
Signed-off-by: Jiasheng Jiang <jiasheng@...as.ac.cn>
---
net/openvswitch/actions.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/openvswitch/actions.c b/net/openvswitch/actions.c
index 116e38a..8209ab1 100644
--- a/net/openvswitch/actions.c
+++ b/net/openvswitch/actions.c
@@ -915,7 +915,7 @@ static int output_userspace(struct datapath *dp, struct sk_buff *skb,
upcall.cmd = OVS_PACKET_CMD_ACTION;
upcall.mru = OVS_CB(skb)->mru;
- for (a = nla_data(attr), rem = nla_len(attr); rem > 0;
+ for (a = nla_data(attr), rem = nla_len(attr); nla_ok(a, rem);
a = nla_next(a, &rem)) {
switch (nla_type(a)) {
case OVS_USERSPACE_ATTR_USERDATA:
--
2.7.4
Powered by blists - more mailing lists