Eric Biggers <ebigge...@gmail.com> wrote:

> > > - if (_payload) {
> > > + if (plen) {
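
Review bot: the new condition `if (plen)` no longer tests `_payload` at all, so a NULL `_payload` with nonzero `plen` now enters this branch, and whatever the branch body does with the pointer has to reject NULL itself and return an error. A short comment on the `if (plen)` line saying that NULL with nonzero length is meant to fail here, rather than be treated as "no payload", would make the intent clear to the next reader.
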
> > 
> > "if (_payload && plen)" would be better.
> > 
> > David
> 
> No, that doesn't solve the problem.  The problem is that userspace can pass
> in a NULL payload with nonzero length, causing the kernel to dereference a
> NULL pointer for some key types.  For example:

Okay, in that case, I think there should be an else-statement that clears plen
if !_payload.

David
