inet_diag: Make sure we actually run the same bytecode we audited.
commit 49600c713e0a46e38a6ac1c560cac5561d464adb
author Nelson Elhage <nelhage@ksplice.com>
Wed, 3 Nov 2010 16:35:41 +0000 (3 16:35 +0000)
committer Greg Kroah-Hartman <gregkh@suse.de>
Thu, 14 Apr 2011 23:53:13 +0000 (14 16:53 -0700)
tree ca8ed54683768ddf88963c196ad843f4763a8408
parent 51d7a20fca5f8e96646e51bf9645da08f14e7a22
inet_diag: Make sure we actually run the same bytecode we audited.

commit 22e76c849d505d87c5ecf3d3e6742a65f0ff4860 upstream.

We were using nlmsg_find_attr() to look up the bytecode by attribute when
auditing, but then just using the first attribute when actually running
bytecode. So, if we received a message with two attribute elements, where only
the second had type INET_DIAG_REQ_BYTECODE, we would validate and run different
bytecode strings.

Fix this by consistently using nlmsg_find_attr everywhere.

Signed-off-by: Nelson Elhage <nelhage@ksplice.com>
Signed-off-by: Thomas Graf <tgraf@infradead.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
net/ipv4/inet_diag.c
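
The validate/use mismatch the commit message describes, reduced to a userspace sketch. This is an added example, not code from the kernel or from this patch: the attribute layout, the `ATTR_*` constants and the helpers `find_attr`, `first_attr` and `same_input` are assumptions made for illustration, and the message bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>

/* Assumed layout: 2-byte LE length (header included), 2-byte LE type, then
 * payload. The kernel's struct nlattr also pads to 4 bytes; omitted here. */
#define HDR 4u
#define ATTR_OTHER    1u  /* constructed: any non-bytecode attribute */
#define ATTR_BYTECODE 2u  /* stands in for INET_DIAG_REQ_BYTECODE */

static unsigned rd16(const uint8_t *p) { return p[0] | (unsigned)p[1] << 8; }

/* Lookup by type: how the audit path picks its input. */
static const uint8_t *find_attr(const uint8_t *buf, size_t n, unsigned type,
                                size_t *plen)
{
    size_t off = 0;
    while (n - off >= HDR) {
        size_t len = rd16(buf + off);
        if (len < HDR || len > n - off) break;  /* malformed: stop walking */
        if (rd16(buf + off + 2) == type) {
            *plen = len - HDR;
            return buf + off + HDR;
        }
        off += len;
    }
    return NULL;
}

/* Pre-fix run path: take the first attribute without checking its type. */
static const uint8_t *first_attr(const uint8_t *buf, size_t n, size_t *plen)
{
    if (n < HDR || rd16(buf) < HDR || rd16(buf) > n)
        return NULL;
    *plen = rd16(buf) - HDR;
    return buf + HDR;
}

/* 1 if the audited bytes are the bytes that would run, else 0. */
static int same_input(const uint8_t *buf, size_t n, int fixed)
{
    size_t alen = 0, rlen = 0;
    const uint8_t *audited = find_attr(buf, n, ATTR_BYTECODE, &alen);
    const uint8_t *run = fixed ? find_attr(buf, n, ATTR_BYTECODE, &rlen)
                               : first_attr(buf, n, &rlen);
    return audited != NULL && audited == run && alen == rlen;
}

/* Constructed message: the bytecode attribute is second, not first. */
static const uint8_t two_attrs[] = { 6, 0, ATTR_OTHER, 0, 0xAA, 0xBB,
                                     6, 0, ATTR_BYTECODE, 0, 0x01, 0x02 };
int main(void) { return same_input(two_attrs, sizeof two_attrs, 1) ? 0 : 1; }
```

With `fixed` set to 0 the audited payload and the executed payload are different byte ranges of the same message; with `fixed` set to 1 both paths resolve the attribute the same way, which is the property the patch restores.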