| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 7 Nov 2023 01:20:55 +0000
From: Max Kunzelmann <maxdev@...teo.de>
To: netdev@...r.kernel.org
Cc: stephen@...workplumber.org,
dsahern@...il.com,
Max Kunzelmann <maxdev@...teo.de>,
Benny Baumann <BenBE@...hi.org>,
Robert Geislinger <github@...ykng.de>
Subject: [PATCH iproute2] libnetlink: validate nlmsg header length first
Validate the nlmsg header length before accessing the nlmsg payload
length.
Fixes: 892a25e286fb ("libnetlink: break up dump function")
Signed-off-by: Max Kunzelmann <maxdev@...teo.de>
Reviewed-by: Benny Baumann <BenBE@...hi.org>
Reviewed-by: Robert Geislinger <github@...ykng.de>
---
lib/libnetlink.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/lib/libnetlink.c b/lib/libnetlink.c
index 7edcd285..01648229 100644
--- a/lib/libnetlink.c
+++ b/lib/libnetlink.c
@@ -727,13 +727,15 @@ int rtnl_dump_request_n(struct rtnl_handle *rth, struct nlmsghdr *n)
static int rtnl_dump_done(struct nlmsghdr *h,
const struct rtnl_dump_filter_arg *a)
{
- int len = *(int *)NLMSG_DATA(h);
+ int len;
if (h->nlmsg_len < NLMSG_LENGTH(sizeof(int))) {
fprintf(stderr, "DONE truncated\n");
return -1;
}
+ len = *(int *)NLMSG_DATA(h);
+
if (len < 0) {
errno = -len;
--
2.42.0
Powered by blists - more mailing lists