Le 18/10/2019 à 20:27, Shu-Chun Weng a écrit : > (Re-sending to the list because I forgot to turn off HTML before and > it was bounced.) > > That does prevent the integer underflow, but it also changes the > behavior and I don't think the new behavior is desirable. > > If the extra payload has a smaller alignment than the header, it makes > sense for the user program to generate a nlmsg_len that is not a > multiple of the alignment. When it's the last entry, the new condition > will it because NLMSG_ALIGN pushes the aligned length over `len`, yet > the single entry processing function won't actually read beyond the > buffer as long as it's bounded by nlmsg_len.
Yes, you're right. So I think your patch is correct. Reviewed-by: Laurent Vivier <laur...@vivier.eu> Thanks, Laurent