[PATCH] NETWORKING: avoid use IPCB in cipso_v4_error

David Miller davem at davemloft.net
Tue Feb 19 01:25:44 UTC 2019


From: Nazarov Sergey <s-nazarov at yandex.ru>
Date: Mon, 18 Feb 2019 16:39:11 +0300

> I think, it would not be a good solution, if I will analyze all
> subsystems using icmp_send, because I do not have enough knowledge
> for this.  I propose to add a new function, for example,
> ismp_send_safe, something like that:

Please don't do this.

Solve the problem properly by auditing each case, there aren't a lot and
it is not too difficult to see the upcall sites.



More information about the Linux-security-module-archive mailing list