Fix the last missing check of nla_parse()

In dump_init() the outdated comment was incorrect and we had a missing validation check of nla_parse().
author: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> 2019-01-10 21:00:16 +0100
committer: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> 2019-01-10 21:00:16 +0100
commit: c0886661ee90d7cfd8ef1d2c5be7c1c9944577e1 (patch)
tree: 7e61ab4083390cf6a5bd9e27b96f854a2f306856 /kernel
parent: 8eaaf16019a0bde44959654faa93c417f1973d9c (diff)
1 files changed, 6 insertions, 3 deletions
diff --git a/kernel/net/netfilter/ipset/ip_set_core.c b/kernel/net/netfilter/ipset/ip_set_core.c
index a3739be..0a03f69 100644
--- a/kernel/net/netfilter/ipset/ip_set_core.c
+++ b/kernel/net/netfilter/ipset/ip_set_core.c
@@ -1303,10 +1303,13 @@ dump_init(struct netlink_callback *cb, struct ip_set_net *inst)
 	struct nlattr *attr = (void *)nlh + min_len;
 	u32 dump_type;
 	ip_set_id_t index;
+	int ret;
 
-	/* Second pass, so parser can't fail */
-	NLA_PARSE(cda, IPSET_ATTR_CMD_MAX, attr, nlh->nlmsg_len - min_len,
-		  ip_set_setname_policy, NULL);
+	ret = NLA_PARSE(cda, IPSET_ATTR_CMD_MAX, attr,
+			nlh->nlmsg_len - min_len,
+			ip_set_setname_policy, NULL);
+	if (ret)
+		return ret;
 
 	cb->args[IPSET_CB_PROTO] = nla_get_u8(cda[IPSET_ATTR_PROTOCOL]);
 	if (cda[IPSET_ATTR_SETNAME]) {
author	Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>	2019-01-10 21:00:16 +0100
committer	Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>	2019-01-10 21:00:16 +0100
commit	c0886661ee90d7cfd8ef1d2c5be7c1c9944577e1 (patch)
tree	7e61ab4083390cf6a5bd9e27b96f854a2f306856 /kernel
parent	8eaaf16019a0bde44959654faa93c417f1973d9c (diff)