diff options
author | Hong zhi guo <honkiko@gmail.com> | 2013-03-25 21:36:33 +0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2013-03-26 20:35:27 +0400 |
commit | de179c8c12e9e5a292269fa59e7c26ca797dc7bf (patch) | |
tree | e14c3f431303e9fd538395bd4669fe9255252d7d /net/sched/cls_api.c | |
parent | 8dc57da2e23085642cad20d11385e13e079715c4 (diff) | |
download | linux-de179c8c12e9e5a292269fa59e7c26ca797dc7bf.tar.xz |
netlink: have length check of rtnl msg before deref
When the legacy array rtm_min still exists, the length check within
these functions is covered by rtm_min[RTM_NEWTFILTER],
rtm_min[RTM_NEWQDISC] and rtm_min[RTM_NEWTCLASS].
But after Thomas Graf removed rtm_min several days ago, these checks
are missing. Other doit functions should be OK.
Signed-off-by: Hong Zhiguo <honkiko@gmail.com>
Acked-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/sched/cls_api.c')
-rw-r--r-- | net/sched/cls_api.c | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/net/sched/cls_api.c b/net/sched/cls_api.c index 9a04b981bc13..9d71d4ded53b 100644 --- a/net/sched/cls_api.c +++ b/net/sched/cls_api.c @@ -141,7 +141,12 @@ static int tc_ctl_tfilter(struct sk_buff *skb, struct nlmsghdr *n) if ((n->nlmsg_type != RTM_GETTFILTER) && !capable(CAP_NET_ADMIN)) return -EPERM; + replay: + err = nlmsg_parse(n, sizeof(*t), tca, TCA_MAX, NULL); + if (err < 0) + return err; + t = nlmsg_data(n); protocol = TC_H_MIN(t->tcm_info); prio = TC_H_MAJ(t->tcm_info); @@ -164,10 +169,6 @@ replay: if (dev == NULL) return -ENODEV; - err = nlmsg_parse(n, sizeof(*t), tca, TCA_MAX, NULL); - if (err < 0) - return err; - /* Find qdisc */ if (!parent) { q = dev->qdisc; |