From: Paul Moore <pmoore@redhat.com>
To: David Miller <davem@davemloft.net>
Cc: netdev@vger.kernel.org
Subject: Re: [PATCH] cipso: simplify cipso_v4_translate() when !CONFIG_NETLABEL
Date: Wed, 20 Nov 2013 14:45:19 -0500 [thread overview]
Message-ID: <4007061.3MtKnenLV1@sifl> (raw)
In-Reply-To: <20131120.143407.4095832971724166.davem@davemloft.net>
On Wednesday, November 20, 2013 02:34:07 PM David Miller wrote:
> From: Paul Moore <pmoore@redhat.com>
> Date: Wed, 20 Nov 2013 14:25:48 -0500
>
> > Previous commits corrected some problems with cipso_v4_translate()
> > when CONFIG_NETLABEL=n but some additional work is needed to tidy
> > things up a bit.
> >
> > Signed-off-by: Paul Moore <pmoore@redhat.com>
>
> That's really vague, please describe exactly what is wrong with the
> existing conditional and how you have fixed it.
I kinda figured the one line patch and "some additional work is needed to tidy
things up a bit" summed it up nicely, but I guess not so here ya go ...
First, for reference, here is the diff one more time (some whitespace damage
in the paste below for readability):
> diff --git a/include/net/cipso_ipv4.h b/include/net/cipso_ipv4.h
> index a8c2ef6..2244e02 100644
> --- a/include/net/cipso_ipv4.h
> +++ b/include/net/cipso_ipv4.h
> @@ -304,7 +304,7 @@ static inline int cipso_v4_validate(...)
> for (opt_iter = 6; opt_iter < opt_len;) {
> tag_len = opt[opt_iter + 1];
>
> - if ((tag_len == 0) || (opt[opt_iter + 1] > (opt_len - opt_iter))) {
> + if ((tag_len == 0) || (tag_len > (opt_len - opt_iter))) {
> err_offset = opt_iter + 1;
> goto out;
> }
Looking at the original conditional:
if ((tag_len == 0) || (opt[opt_iter + 1] > (opt_len - opt_iter))
... and the replacement:
if ((tag_len == 0) || (tag_len > (opt_len - opt_iter)))
... we notice that "(opt[opt_iter + 1] > (opt_len - opt_iter))" has been
replaced with "(tag_len > (opt_len - opt_iter))", substituting 'tag_len' for
'opt[opt_iter + 1]'. This is acceptable because the the first statement in
the for loop is:
tag_len = opt[opt_iter + 1]
... which matches the substitution in the conditional. I'm not sure how much
more explicit I can be about this change, it is really pretty minor.
--
paul moore
security and virtualization @ redhat
next prev parent reply other threads:[~2013-11-20 19:45 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-11-20 19:25 [PATCH] cipso: simplify cipso_v4_translate() when !CONFIG_NETLABEL Paul Moore
2013-11-20 19:34 ` David Miller
2013-11-20 19:45 ` Paul Moore [this message]
2013-11-20 19:55 ` David Miller
2013-11-20 19:59 ` Paul Moore
2013-11-20 20:06 ` David Miller
2013-11-20 20:09 ` Paul Moore
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4007061.3MtKnenLV1@sifl \
--to=pmoore@redhat.com \
--cc=davem@davemloft.net \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.