[PATCH] netfilter: nfnetlink_queue: Fix redundant comparison of unsigned value

From: Karol Przybylski
Date: Mon Dec 09 2024 - 15:49:40 EST


The comparison seclen >= 0 in net/netfilter/nfnetlink_queue.c is redundant because seclen is an unsigned value, and such comparisons are always true.

This patch removes the unnecessary comparison replacing it with just 'greater than'

Discovered in coverity, CID 1602243

Signed-off-by: Karol Przybylski <karprzy7@xxxxxxxxx>
---
net/netfilter/nfnetlink_queue.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c
index 5110f29b2..eacb34ffb 100644
--- a/net/netfilter/nfnetlink_queue.c
+++ b/net/netfilter/nfnetlink_queue.c
@@ -643,7 +643,7 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue,

if ((queue->flags & NFQA_CFG_F_SECCTX) && entskb->sk) {
seclen = nfqnl_get_sk_secctx(entskb, &ctx);
- if (seclen >= 0)
+ if (seclen > 0)
size += nla_total_size(seclen);
}

@@ -810,7 +810,7 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue,
}

nlh->nlmsg_len = skb->len;
- if (seclen >= 0)
+ if (seclen > 0)
security_release_secctx(&ctx);
return skb;

@@ -819,7 +819,7 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue,
kfree_skb(skb);
net_err_ratelimited("nf_queue: error creating packet message\n");
nlmsg_failure:
- if (seclen >= 0)
+ if (seclen > 0)
security_release_secctx(&ctx);
return NULL;
}
--
2.34.1