On Tue, Feb 28, 2017 at 10:33:53AM +0100, Martin Pieuchot wrote:
> On 28/02/17(Tue) 07:15, Claudio Jeker wrote:
> > On Mon, Feb 27, 2017 at 10:22:03PM +0100, Alexander Bluhm wrote:
> > [...]
> > > > +int
> > > > +pfkey_attach(struct socket *so, int proto)
> > > > {
> > >
> > > I think you forgot the check from pfkey_usrreq() here.
> > >
> > > if ((socket->so_proto->pr_protocol > PFKEY_PROTOCOL_MAX) ||
> > > (socket->so_proto->pr_protocol < 0) ||
> > > !pfkey_versions[socket->so_proto->pr_protocol])
> > > return (EPROTONOSUPPORT);
> > >
> >
> > Good catch. Something like that needs to be added.
> > Not sure if I should use proto or the socket->so_proto->pr_protocol...
>
> Use proto when you can. All the code manipulating ``socket'' will be
> soon audited to check if it needs some MP protection or not. So less
> code to audit makes our lifes easier :)
That's my plan but since pfkey creates the protosw struct dynamically I
need to double check if that is the same.
--
:wq Claudio
