David, please do
    git revert 4f7df337fe79bba1e4c2d525525d63b5ba186bbd
I'm an idiot.
All rationale in the commit would be correct if reading "nla_len"
didn't require memory access. But it does.
    return rem >= (int)sizeof(*nla) &&
           nla->nla_len >= sizeof(*nla) &&
           nla->nla_len <= remaining;
Those logical ands ensure that memory access is not done
if "rem" is small enough to even fetch ->nla_len.
Maybe someone could vouch that other checks prevent
this kind of situation from happening but not me.
How very embarrassing.
Signed-off-by: Alexey Dobriyan <[email protected]>
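
Added example, not part of the original message or of the kernel source: a user-space sketch of the check quoted above, showing how the leading size test keeps a truncated trailing header from being dereferenced. The struct is a local stand-in for the kernel's, and attr_ok, count_attrs, ATTR_ALIGN and the sample buffers are hypothetical names and constructed data.

```c
#include <stdint.h>
#include <stdio.h>

/* Local stand-in for the kernel's struct nlattr (same two 16-bit fields). */
struct nlattr {
    uint16_t nla_len;   /* header plus payload, in bytes */
    uint16_t nla_type;
};

#define ATTR_ALIGN(len) (((len) + 3) & ~3)   /* attributes are padded to 4 bytes */

/* Same ordering as the quoted check: the size test comes first, so &&
 * short-circuits before nla->nla_len is read from memory. */
static int attr_ok(const struct nlattr *nla, int remaining)
{
    return remaining >= (int)sizeof(*nla) &&
           nla->nla_len >= sizeof(*nla) &&
           nla->nla_len <= remaining;
}

/* Hypothetical walker: counts well-formed attributes in buf[0..len). */
static int count_attrs(const void *buf, int len)
{
    const struct nlattr *nla = buf;
    int remaining = len, n = 0;

    while (attr_ok(nla, remaining)) {
        int step = ATTR_ALIGN(nla->nla_len);
        remaining -= step;
        nla = (const struct nlattr *)((const char *)nla + step);
        n++;
    }
    return n;
}

/* Constructed samples (not captured traffic). */
static const uint16_t truncated_tail[] = { 8, 1, 0xaaaa, 0xbbbb, 8 }; /* 2 stray bytes at end */
static const uint16_t two_attrs[]      = { 8, 1, 0, 0, 4, 2 };        /* 8-byte + header-only */
static const uint16_t oversized[]      = { 64, 1 };                   /* nla_len > remaining */

int main(void)
{
    printf("truncated_tail: %d\n", count_attrs(truncated_tail, (int)sizeof(truncated_tail)));
    printf("two_attrs:      %d\n", count_attrs(two_attrs, (int)sizeof(two_attrs)));
    printf("oversized:      %d\n", count_attrs(oversized, (int)sizeof(oversized)));
    return 0;
}
```

Building with -fsanitize=address and then deleting the first operand of the && chain makes the truncated_tail case read past the 10-byte array.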