> Maybe someone could vouch that other checks prevent
> this kind of situation from happening but not me.
No, now that you spell it out (and I see the patch) - this is
absolutely needed because nla_for_each_attr() [1] can be called on
arbitrary data coming from userspace in a message, e.g. by way
David, please do
git revert 4f7df337fe79bba1e4c2d525525d63b5ba186bbd
I'm an idiot.
All rationale in the commit would be correct if reading "nla_len"
didn't require memory access. But it does.
	return rem >= (int)sizeof(*nla) &&
	       nla->nla_len >= sizeof(*nla) &&
	       nla->nla_len <= rem;
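To make the "reading nla_len requires memory access" point concrete, here is an added stand-alone mock of nla_ok() and the attribute walk (example code written for this thread, not the kernel's own source). It keeps the kernel's 4-byte struct nlattr layout and NLA_ALIGN rounding; count_attrs(), header_ok() and sample_count() are made-up helpers, and the buffer is a constructed sample ending in a two-byte truncated header.

```c
#include <stdint.h>
#include <string.h>
/* Stand-in for the kernel's 4-byte struct nlattr header. */
struct nlattr {
    uint16_t nla_len;  /* header + payload length, before padding */
    uint16_t nla_type;
};
#define NLA_ALIGN(len) (((len) + 3) & ~3)

/* Clause (1) stays first: && short-circuits, so nla->nla_len is read only
 * after we know at least sizeof(*nla) bytes of the message remain. */
static int nla_ok(const struct nlattr *nla, int rem)
{
    return rem >= (int)sizeof(*nla) &&
           nla->nla_len >= sizeof(*nla) &&
           nla->nla_len <= rem;
}

static const struct nlattr *nla_next(const struct nlattr *nla, int *rem)
{
    int totlen = NLA_ALIGN(nla->nla_len);
    *rem -= totlen;
    return (const struct nlattr *)((const char *)nla + totlen);
}

/* Walk a buffer, counting attributes until the first malformed one. */
static int count_attrs(const void *buf, int len)
{
    const struct nlattr *nla = buf;
    int rem = len, n = 0;
    for (; nla_ok(nla, rem); nla = nla_next(nla, &rem))
        n++;
    return n;
}

/* Check one header value against a given remaining length. */
static int header_ok(uint16_t nla_len, int rem)
{
    struct nlattr h = { .nla_len = nla_len, .nla_type = 0 };
    return nla_ok(&h, rem);
}

/* Constructed sample: two valid attributes, then a 2-byte truncated header. */
static int sample_count(void)
{
    _Alignas(4) unsigned char buf[20] = { 0 };
    struct nlattr a = { .nla_len = 6, .nla_type = 1 }; /* padded out to 8 */
    struct nlattr b = { .nla_len = 8, .nla_type = 2 };
    memcpy(buf, &a, sizeof(a));
    memcpy(buf + 8, &b, sizeof(b));
    return count_attrs(buf, 18); /* bytes 16..17: incomplete header */
}
```

Because clause (1) is evaluated first, nla_ok() can be handed a pointer it must not dereference (even a null one) together with rem < 4 and will reject it without touching memory; drop that clause and the same call reads nla_len past the end of the message.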
From: Alexey Dobriyan
Date: Fri, 2 Dec 2016 03:59:06 +0300
> nla_ok() consists of 3 clauses:
>
> 1) int rem >= (int)sizeof(struct nlattr)
>
> 2) u16 nla_len >= sizeof(struct nlattr)
>
> 3) u16 nla_len <= int rem
>
> The statement is that clause (1) is redundant.
>
> What it
nla_ok() consists of 3 clauses:
1) int rem >= (int)sizeof(struct nlattr)
2) u16 nla_len >= sizeof(struct nlattr)
3) u16 nla_len <= int rem
The statement is that clause (1) is redundant.
What it does is ensure that "rem" is a positive number,
so that in clause (3) posi