diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-01-04 15:20:29 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-01-06 22:27:46 +0100 |
commit | 9ea2aa8b7dba9e99544c4187cc298face254569f (patch) | |
tree | 2d6056766f02f0f1682b52bc4f68fb4d8d1b8b29 | |
parent | 8ca3f5e974f2b4b7f711589f4abff920db36637a (diff) | |
download | op-kernel-dev-9ea2aa8b7dba9e99544c4187cc298face254569f.zip op-kernel-dev-9ea2aa8b7dba9e99544c4187cc298face254569f.tar.gz |
netfilter: nfnetlink: validate nfnetlink header from batch
Make sure there is enough room for the nfnetlink header in the
netlink messages that are part of the batch. There is a similar
check in netlink_rcv_skb().
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r-- | net/netfilter/nfnetlink.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/net/netfilter/nfnetlink.c b/net/netfilter/nfnetlink.c index 13c2e17..c6619d4 100644 --- a/net/netfilter/nfnetlink.c +++ b/net/netfilter/nfnetlink.c @@ -321,7 +321,8 @@ replay: nlh = nlmsg_hdr(skb); err = 0; - if (nlh->nlmsg_len < NLMSG_HDRLEN) { + if (nlmsg_len(nlh) < sizeof(struct nfgenmsg) || + skb->len < nlh->nlmsg_len) { err = -EINVAL; goto ack; } |