diff options
author | Thomas Graf <tgraf@suug.ch> | 2015-01-06 03:04:21 +0300 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2015-01-06 06:38:22 +0300 |
commit | 149118d89355fb0e1a898f47977f8ae9be8e14e7 (patch) | |
tree | ce3d14e96bbebea22427f2d0d61ee52d840d007e /include/net/netlink.h | |
parent | a515abd7771c991dee302d1e22e695d2a32daa3e (diff) | |
download | linux-149118d89355fb0e1a898f47977f8ae9be8e14e7.tar.xz |
netlink: Warn on unordered or illegal nla_nest_cancel() or nlmsg_cancel()
Calling nla_nest_cancel() in a different order as the nesting was
built up can lead to negative offsets being calculated which
results in skb_trim() being called with an underflowed unsigned
int. Warn if mark < skb->data as it's definitely a bug.
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/net/netlink.h')
-rw-r--r-- | include/net/netlink.h | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/include/net/netlink.h b/include/net/netlink.h index 64158353ecb2..d5869b90bfbb 100644 --- a/include/net/netlink.h +++ b/include/net/netlink.h @@ -520,8 +520,10 @@ static inline void *nlmsg_get_pos(struct sk_buff *skb) */ static inline void nlmsg_trim(struct sk_buff *skb, const void *mark) { - if (mark) + if (mark) { + WARN_ON((unsigned char *) mark < skb->data); skb_trim(skb, (unsigned char *) mark - skb->data); + } } /** |