diff options
author | Harald Welte <laforge@netfilter.org> | 2005-08-09 20:03:54 -0700 |
---|---|---|
committer | David S. Miller <davem@sunset.davemloft.net> | 2005-08-29 15:40:06 -0700 |
commit | a42827b71b87fc9816d2f58626e825b0eb500efe (patch) | |
tree | 9f90bd210ca9d0d57bbdcd54beca2bc39c23c05d /net | |
parent | 927ccbcc28dceee29dad876982768cca29738564 (diff) | |
download | op-kernel-dev-a42827b71b87fc9816d2f58626e825b0eb500efe.zip op-kernel-dev-a42827b71b87fc9816d2f58626e825b0eb500efe.tar.gz |
[NETFILTER]: cleanup nfnetlink_check_attributes()
1) memset return parameter 'cda' (nfattr pointer array) only on success
2) a message without attributes and just a 'struct nfgenmsg' is valid,
don't return -EINVAL
3) use likely() and unlikely() where apropriate
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
-rw-r--r-- | net/netfilter/nfnetlink.c | 19 |
1 files changed, 10 insertions, 9 deletions
diff --git a/net/netfilter/nfnetlink.c b/net/netfilter/nfnetlink.c index 578e4fe..84efffd 100644 --- a/net/netfilter/nfnetlink.c +++ b/net/netfilter/nfnetlink.c @@ -163,17 +163,16 @@ nfnetlink_check_attributes(struct nfnetlink_subsystem *subsys, cb_id, subsys->cb_count); return -EINVAL; } - - attr_count = subsys->cb[cb_id].attr_count; - - memset(cda, 0, sizeof(struct nfattr *) * attr_count); - /* check attribute lengths. */ min_len = NLMSG_ALIGN(sizeof(struct nfgenmsg)); - if (nlh->nlmsg_len < min_len) + if (unlikely(nlh->nlmsg_len < min_len)) return -EINVAL; - if (nlh->nlmsg_len > min_len) { + attr_count = subsys->cb[cb_id].attr_count; + memset(cda, 0, sizeof(struct nfattr *) * attr_count); + + /* check attribute lengths. */ + if (likely(nlh->nlmsg_len > min_len)) { struct nfattr *attr = NFM_NFA(NLMSG_DATA(nlh)); int attrlen = nlh->nlmsg_len - NLMSG_ALIGN(min_len); @@ -186,8 +185,10 @@ nfnetlink_check_attributes(struct nfnetlink_subsystem *subsys, } attr = NFA_NEXT(attr, attrlen); } - } else - return -EINVAL; + } + + /* implicit: if nlmsg_len == min_len, we return 0, and an empty + * (zeroed) cda[] array. The message is valid, but empty. */ return 0; } |