On (01/26/17 19:08), Willem de Bruijn wrote: > > Thanks for the context. ax25_addr_parse doesn't adjust length, it only > verifies that the contents of the variable length header matches > protocol spec. I don't think that it or the .validate callback have to > be modified to return length.
Yes, I noticed that too, but my reading of ax25_addr_parse was that it checks to see that a sane L2 header has been passed in, and if that (sane-header) is the case, it returns pointer to the start of data. Thus the returned (non-null) pointer minus start should tell you the "real" header length- is my understanding correct? > To ensure that skb_headlen(skb) is at least a valid header length even > when CAP_SYS_RAWIO bypasses validation perhaps revise > dev_validate_header to take an additional skb->len parameter and > call skb_put directly from inside that branch. but when I scanned the af_packet code (which appears to be the only thing that uses dev_validate_header today) it already sets up the skb->data and ->len pointers up correctly (based on len, hard_header_len etc) *before* calling dev_validate_header, so the additional skb_put is not needed? still havent googled up prior discussions that led to dev_validate_header- will probably do that tomorrow AM. --Sowmini
