From: Tom Herbert <[email protected]>
Date: Mon, 15 Apr 2019 10:52:16 -0700
> case IPV6_2292HOPOPTS:
> case IPV6_HOPOPTS:
> - if (opt->hopopt || cmsg->cmsg_len <
> CMSG_LEN(sizeof(struct ipv6_opt_hdr))) {
> - err = -EINVAL;
> - goto exit_f;
> - }
You're consolidated version of this code checks opt->hopopt after
things like ns_capable() thus changing the priorities of the error
conditions. You code get -EPERM when previously -EINVAL would have
been seen.
I really don't like changes like this, it's so irritating double checking
all of the possible user visible side effects in all of these details.
