Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit a42827b7 authored by Harald Welte's avatar Harald Welte Committed by David S. Miller
Browse files

[NETFILTER]: cleanup nfnetlink_check_attributes() 



1) memset return parameter 'cda' (nfattr pointer array) only on success
2) a message without attributes and just a 'struct nfgenmsg' is valid,
   don't return -EINVAL
3) use likely() and unlikely() where apropriate

Signed-off-by: default avatarHarald Welte <laforge@netfilter.org>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 927ccbcc

net/netfilter/nfnetlink.c

+10 −9
Original line number Diff line number Diff line
@@ -164,16 +164,15 @@ nfnetlink_check_attributes(struct nfnetlink_subsystem *subsys, 
		return -EINVAL;

	}



	attr_count = subsys->cb[cb_id].attr_count;

	min_len = NLMSG_ALIGN(sizeof(struct nfgenmsg));

	if (unlikely(nlh->nlmsg_len < min_len))

		return -EINVAL;



	attr_count = subsys->cb[cb_id].attr_count;

	memset(cda, 0, sizeof(struct nfattr *) * attr_count);



	/* check attribute lengths. */

	min_len = NLMSG_ALIGN(sizeof(struct nfgenmsg));

	if (nlh->nlmsg_len < min_len)

		return -EINVAL;



	if (nlh->nlmsg_len > min_len) {

	if (likely(nlh->nlmsg_len > min_len)) {

		struct nfattr *attr = NFM_NFA(NLMSG_DATA(nlh));

		int attrlen = nlh->nlmsg_len - NLMSG_ALIGN(min_len);
@@ -186,8 +185,10 @@ nfnetlink_check_attributes(struct nfnetlink_subsystem *subsys, 
			}

			attr = NFA_NEXT(attr, attrlen);

		}

	} else

		return -EINVAL;

	}



	/* implicit: if nlmsg_len == min_len, we return 0, and an empty

	 * (zeroed) cda[] array. The message is valid, but empty. */



        return 0;

}