From 89216bacbc44d6719668132626ffd66862be6dfc Mon Sep 17 00:00:00 2001
From: Max Kunzelmann
Date: Wed, 23 Mar 2022 20:42:58 +0100
Subject: [PATCH] Ensure check of nlmsg length is performed before actual access

Reviewed-by: Benny Baumann
Reviewed-by: Robert Geislinger
---
 lib/libnetlink.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/libnetlink.c b/lib/libnetlink.c
index 9af06232..0fe78943 100644
--- a/lib/libnetlink.c
+++ b/lib/libnetlink.c
@@ -732,13 +732,13 @@ int rtnl_dump_request_n(struct rtnl_handle *rth, struct nlmsghdr *n)
 static int rtnl_dump_done(struct nlmsghdr *h,
 const struct rtnl_dump_filter_arg *a)
 {
- int len = *(int *)NLMSG_DATA(h);
-
 if (h->nlmsg_len < NLMSG_LENGTH(sizeof(int))) {
 fprintf(stderr, "DONE truncated\n");
 return -1;
 }

+ int len = *(int *)NLMSG_DATA(h);
+
 if (len < 0) {
 errno = -len;

-- 
2.38.1
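Review bot: The moved `int len = *(int *)NLMSG_DATA(h);` is now a declaration in the middle of rtnl_dump_done, after the `DONE truncated` check, whereas the removed line had it at the top of the block. Declaring `int len;` first and assigning `len = *(int *)NLMSG_DATA(h);` after the check keeps the payload read behind the length test without mixing declarations and statements. The check only compares the header's own `h->nlmsg_len` with `NLMSG_LENGTH(sizeof(int))`, so it relies on the caller having already bounded `nlmsg_len` by the bytes actually received. That caller is not visible in this hunk, so a short comment above the check naming that precondition would help the next reader. rtnl_dump_done's body continues outside the hunk.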