lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20231107012147.668074-1-maxdev@posteo.de> Date: Tue, 7 Nov 2023 01:20:55 +0000 From: Max Kunzelmann <maxdev@...teo.de> To: netdev@...r.kernel.org Cc: stephen@...workplumber.org, dsahern@...il.com, Max Kunzelmann <maxdev@...teo.de>, Benny Baumann <BenBE@...hi.org>, Robert Geislinger <github@...ykng.de> Subject: [PATCH iproute2] libnetlink: validate nlmsg header length first Validate the nlmsg header length before accessing the nlmsg payload length. Fixes: 892a25e286fb ("libnetlink: break up dump function") Signed-off-by: Max Kunzelmann <maxdev@...teo.de> Reviewed-by: Benny Baumann <BenBE@...hi.org> Reviewed-by: Robert Geislinger <github@...ykng.de> --- lib/libnetlink.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/lib/libnetlink.c b/lib/libnetlink.c index 7edcd285..01648229 100644 --- a/lib/libnetlink.c +++ b/lib/libnetlink.c @@ -727,13 +727,15 @@ int rtnl_dump_request_n(struct rtnl_handle *rth, struct nlmsghdr *n) static int rtnl_dump_done(struct nlmsghdr *h, const struct rtnl_dump_filter_arg *a) { - int len = *(int *)NLMSG_DATA(h); + int len; if (h->nlmsg_len < NLMSG_LENGTH(sizeof(int))) { fprintf(stderr, "DONE truncated\n"); return -1; } + len = *(int *)NLMSG_DATA(h); + if (len < 0) { errno = -len; -- 2.42.0
Powered by blists - more mailing lists