This makes the filter length in sk_chk_filter() unsigned as it should be.
Signed-off-by: Kris Katterjohn <[EMAIL PROTECTED]>
This is a diff from 2.6.15.
The length should never be negative, and if the length were negative, the for
loop would fail.
Thanks!
--- x/net/core/filter.c 2006-01-02 21:21:10.000000000 -0600
+++ y/net/core/filter.c 2006-01-09 15:22:37.000000000 -0600
@@ -288,10 +288,10 @@ load_b:
*
* Returns 0 if the rule set is legal or a negative errno code if not.
*/
-int sk_chk_filter(struct sock_filter *filter, int flen)
+int sk_chk_filter(struct sock_filter *filter, unsigned int flen)
{
struct sock_filter *ftest;
- int pc;
+ unsigned int pc;
if (flen == 0 || flen > BPF_MAXINSNS)
return -EINVAL;
@@ -308,7 +308,7 @@ int sk_chk_filter(struct sock_filter *fi
* Compare this with conditional jumps below,
* where offsets are limited. --ANK (981016)
*/
- if (ftest->k >= (unsigned)(flen-pc-1))
+ if (ftest->k >= flen - pc - 1)
return -EINVAL;
} else {
/* for conditionals both must be safe */
--- x/include/linux/filter.h 2006-01-02 21:21:10.000000000 -0600
+++ y/include/linux/filter.h 2006-01-09 15:29:27.000000000 -0600
@@ -145,7 +145,7 @@ struct sock;
extern int sk_run_filter(struct sk_buff *skb, struct sock_filter *filter, int
flen);
extern int sk_attach_filter(struct sock_fprog *fprog, struct sock *sk);
-extern int sk_chk_filter(struct sock_filter *filter, int flen);
+extern int sk_chk_filter(struct sock_filter *filter, unsigned int flen);
#endif /* __KERNEL__ */
#endif /* __LINUX_FILTER_H__ */
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
