Commit d922a1ce authored by Pablo Neira Ayuso's avatar Pablo Neira Ayuso Committed by Luis Henriques

netfilter: nfnetlink: validate nfnetlink header from batch

commit 9ea2aa8b upstream.

Make sure there is enough room for the nfnetlink header in the
netlink messages that are part of the batch. There is a similar
check in netlink_rcv_skb().
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: default avatarLuis Henriques <luis.henriques@canonical.com>
parent 1244fcc0
...@@ -273,7 +273,8 @@ static void nfnetlink_rcv_batch(struct sk_buff *skb, struct nlmsghdr *nlh, ...@@ -273,7 +273,8 @@ static void nfnetlink_rcv_batch(struct sk_buff *skb, struct nlmsghdr *nlh,
nlh = nlmsg_hdr(skb); nlh = nlmsg_hdr(skb);
err = 0; err = 0;
if (nlh->nlmsg_len < NLMSG_HDRLEN) { if (nlmsg_len(nlh) < sizeof(struct nfgenmsg) ||
skb->len < nlh->nlmsg_len) {
err = -EINVAL; err = -EINVAL;
goto ack; goto ack;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment