On 06/23/2016 07:16 AM, Pablo Neira Ayuso wrote:
> On Wed, Jun 01, 2016 at 08:11:38PM -0400, Vishwanath Pai wrote:
>> +static void
>> +cfg_copy(struct hashlimit_cfg2 *to, void *from, int revision)
>> +{
>> +if (revision == 1) {
>> +struct hashlimit_cfg1 *cfg = (struct hashlimit_cfg1 *)from;
>> +
>> +to->mode = cfg->mode;
>> +to->avg = cfg->avg;
>> +to->burst = cfg->burst;
>> +to->size = cfg->size;
>> +to->max = cfg->max;
>> +to->gc_interval = cfg->gc_interval;
>> +to->expire = cfg->expire;
>> +to->srcmask = cfg->srcmask;
>> +to->dstmask = cfg->dstmask;
>> +} else if (revision == 2) {
>> +memcpy(to, from, sizeof(struct hashlimit_cfg2));
>> +} else {
>> +BUG();
>
> BUG here is probably too much, this halts the system. I can see we
> only use this somewhere else in this code. Instead, I'd suggest you
> propagate an error back to userspace if this ever happen.
>
> I would like to see if this spots any problem with our test
> infrastructure under iptables/.
>
> Thanks.
>
copy_cfg is only used internally by the kernel module and the value for
revision is passed to the function by the module itself and not from
userspace. I will remove BUG() and propagate the error back to the
caller, will send a v2.
