> Maybe someone could vouch that other checks prevent
> this kind of situation from happening but not me.
No, now that you spell it out (and I see the patch) - this is absolutely needed because nla_for_each_attr() [1] can be called on arbitrary data coming from userspace in a message, e.g. by way of nla_for_each_nested(). Even if it's not malformed, nla_ok() is the only abort condition for that loop, so it would read at least one nla_len after the real buffer without that condition.

johannes

[1] which seems to be the only significant user thereof
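
The loop behaviour described in the reply above, as an added example that is not part of the original message and is not kernel code: a userspace model of an nla_ok()-style loop condition run over a well-formed buffer, with and without the `remaining >= header size` test. The names `walk`, `read_len`, `build_sample` and the sample buffer are constructed for illustration, and header reads go through a bounds-tracking helper so the read past the buffer is counted rather than performed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define HDRLEN 4                      /* size of the header: u16 nla_len, u16 nla_type */
#define ALIGN4(n) (((n) + 3u) & ~3u)  /* round up to 4 bytes, as NLA_ALIGN does */

struct walk_result { int attrs; int oob_header_reads; };

/* Bounds-tracked read of nla_len at offset off; counts a read past the buffer end. */
static uint16_t read_len(const uint8_t *buf, size_t len, size_t off, int *oob)
{
    uint16_t v = 0;
    if (off + sizeof(v) > len) { (*oob)++; return 0; }
    memcpy(&v, buf + off, sizeof(v));
    return v;
}

/* Model of the attribute loop: with_check=1 tests remaining >= HDRLEN before
 * touching the header, with_check=0 leaves that test out. */
static struct walk_result walk(const uint8_t *buf, size_t len, int with_check)
{
    struct walk_result r = {0, 0};
    size_t off = 0;
    int remaining = (int)len;
    for (;;) {
        if (with_check && remaining < HDRLEN)
            break;                    /* stop before the header is read */
        uint16_t nla_len = read_len(buf, len, off, &r.oob_header_reads);
        if (nla_len < HDRLEN || (int)nla_len > remaining)
            break;
        r.attrs++;
        off += ALIGN4(nla_len);
        remaining -= (int)ALIGN4(nla_len);
    }
    return r;
}

/* Constructed sample: one well-formed attribute that fills the buffer exactly. */
static size_t build_sample(uint8_t out[8])
{
    uint16_t hdr[2] = { 8, 1 };       /* nla_len = 8, nla_type = 1 */
    memcpy(out, hdr, sizeof(hdr));
    memset(out + 4, 0xAA, 4);         /* 4 payload bytes */
    return 8;
}

int main(void)
{
    uint8_t buf[8];
    size_t n = build_sample(buf);
    printf("checked: %d, unchecked: %d out-of-bounds header reads\n",
           walk(buf, n, 1).oob_header_reads, walk(buf, n, 0).oob_header_reads);
    return 0;
}
```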