[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH] Fix unsigned integer underflow in fd-trans.c
From: |
Laurent Vivier |
Subject: |
Re: [PATCH] Fix unsigned integer underflow in fd-trans.c |
Date: |
Fri, 18 Oct 2019 20:54:53 +0200 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.1.0 |
Le 18/10/2019 à 20:27, Shu-Chun Weng a écrit :
> (Re-sending to the list because I forgot to turn off HTML before and
> it was bounced.)
>
> That does prevent the integer underflow, but it also changes the
> behavior and I don't think the new behavior is desirable.
>
> If the extra payload has a smaller alignment than the header, it makes
> sense for the user program to generate a nlmsg_len that is not a
> multiple of the alignment. When it's the last entry, the new condition
> will it because NLMSG_ALIGN pushes the aligned length over `len`, yet
> the single entry processing function won't actually read beyond the
> buffer as long as it's bounded by nlmsg_len.
Yes, you're right.
So I think your patch is correct.
Reviewed-by: Laurent Vivier <address@hidden>
Thanks,
Laurent