On Tue, 2017-04-18 at 21:14 -0400, Jamal Hadi Salim wrote:
> From: Jamal Hadi Salim <[email protected]>
>
> + if (tcaa[TCAA_ACT_TIME_FILTER])
> + msecs_filter = nla_get_u32(tcaa[TCAA_ACT_TIME_FILTER]);
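Review bot: the nla_get_u32() read on TCAA_ACT_TIME_FILTER is only safe if tcaa_policy carries a matching entry, e.g. `[TCAA_ACT_TIME_FILTER] = { .type = NLA_U32 },` so that the attribute parser rejects a payload shorter than four bytes; without it, nla_get_u32() reads four bytes from the payload regardless of the length userspace actually sent.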
You forgot to add TCAA_ACT_TIME_FILTER to tcaa_policy.
There is no guarantee the user passed 32-bit data here.
> +
> nlh = nlmsg_put(skb, NETLINK_CB(cb->skb).portid, cb->nlh->nlmsg_seq,
> cb->nlh->nlmsg_type, sizeof(*t), 0);
> if (!nlh)
> goto out_module_put;
>
> + if (msecs_filter) {
> + unsigned long jiffy_msecs = msecs_to_jiffies(msecs_filter);
> + jiffy_wanted = jiffies - jiffy_msecs;
> + }
> +
> cb->args[2] = act_flags;
> + cb->args[3] = jiffy_wanted;
>
> t = nlmsg_data(nlh);
> t->tca_family = AF_UNSPEC;
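Review bot: `jiffy_wanted = jiffies - jiffy_msecs;` is computed from a user-controlled msecs_filter with no bound, so a large value can push jiffy_wanted past the jiffies wraparound before it is stashed in cb->args[3]; whatever consumes cb->args[3] should compare with time_after()/time_before() rather than a plain relational operator, or the value should be clamped here. It would also help to document in the commit message that the reference point is deliberately taken once, at the start of the dump, rather than re-read on each continuation.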