netfilter: nfnetlink: validate nfnetlink header from batch

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Make sure there is enough room for the nfnetlink header in the
netlink messages that are part of the batch. There is a similar
check in netlink_rcv_skb().

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Pablo Neira Ayuso 11 years ago 9ea2aa8b 8ca3f5e9

+2 -1

1 changed file

expand all

net

netfilter

nfnetlink.c

+2 -1

net/netfilter/nfnetlink.c

··· 321 321 nlh = nlmsg_hdr(skb); 322 322 err = 0; 323 323 324 - if (nlh->nlmsg_len < NLMSG_HDRLEN) { 324 + if (nlmsg_len(nlh) < sizeof(struct nfgenmsg) || 325 + skb->len < nlh->nlmsg_len) { 325 326 err = -EINVAL; 326 327 goto ack; 327 328 }