diff options
author | Nelson Elhage <nelhage@ksplice.com> | 2010-11-03 16:35:41 +0000 |
---|---|---|
committer | Andi Kleen <ak@linux.intel.com> | 2011-04-28 08:21:01 -0700 |
commit | 58c373ba73707261ace8a2227a7ec99d58e9fd94 (patch) | |
tree | 21023e665cf00e11e04ec4b0c5a24fc73fbabdca /include | |
parent | 153e4ee16df4ec1660a97c6040715e5993f9032e (diff) |
inet_diag: Make sure we actually run the same bytecode we audited.
commit 22e76c849d505d87c5ecf3d3e6742a65f0ff4860 upstream.
We were using nlmsg_find_attr() to look up the bytecode by attribute when
auditing, but then just using the first attribute when actually running
bytecode. So, if we received a message with two attribute elements, where only
the second had type INET_DIAG_REQ_BYTECODE, we would validate and run different
bytecode strings.
Fix this by consistently using nlmsg_find_attr everywhere.
[AK: Add const to nlmsg_find_attr to fix new warning]
Signed-off-by: Nelson Elhage <nelhage@ksplice.com>
Signed-off-by: Thomas Graf <tgraf@infradead.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
[jmm: Slightly adapted to apply against 2.6.32]
Cc: Moritz Muehlenhoff <jmm@debian.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Diffstat (limited to 'include')
-rw-r--r-- | include/net/netlink.h | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/include/net/netlink.h b/include/net/netlink.h index 4fc05b58503e..28c27d16c936 100644 --- a/include/net/netlink.h +++ b/include/net/netlink.h @@ -384,7 +384,7 @@ static inline int nlmsg_parse(const struct nlmsghdr *nlh, int hdrlen, * * Returns the first attribute which matches the specified type. */ -static inline struct nlattr *nlmsg_find_attr(struct nlmsghdr *nlh, +static inline struct nlattr *nlmsg_find_attr(const struct nlmsghdr *nlh, int hdrlen, int attrtype) { return nla_find(nlmsg_attrdata(nlh, hdrlen), |