Commit c164772d authored by David S. Miller's avatar David S. Miller

Revert "decnet: dn_rtmsg: Improve input length sanitization in dnrmg_receive_user_skb"

This reverts commit 85eac2ba.

There is an updated version of this fix which we should
use instead.
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 9065bc38
...@@ -102,9 +102,7 @@ static inline void dnrmg_receive_user_skb(struct sk_buff *skb) ...@@ -102,9 +102,7 @@ static inline void dnrmg_receive_user_skb(struct sk_buff *skb)
{ {
struct nlmsghdr *nlh = nlmsg_hdr(skb); struct nlmsghdr *nlh = nlmsg_hdr(skb);
if (skb->len < sizeof(nlh->nlmsg_len) || if (nlh->nlmsg_len < sizeof(*nlh) || skb->len < nlh->nlmsg_len)
nlh->nlmsg_len < sizeof(*nlh) ||
skb->len < nlh->nlmsg_len)
return; return;
if (!netlink_capable(skb, CAP_NET_ADMIN)) if (!netlink_capable(skb, CAP_NET_ADMIN))
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment