Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 149118d8 authored by Thomas Graf's avatar Thomas Graf Committed by David S. Miller
Browse files

netlink: Warn on unordered or illegal nla_nest_cancel() or nlmsg_cancel() 



Calling nla_nest_cancel() in a different order as the nesting was
built up can lead to negative offsets being calculated which
results in skb_trim() being called with an underflowed unsigned
int. Warn if mark < skb->data as it's definitely a bug.

Signed-off-by: default avatarThomas Graf <tgraf@suug.ch>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent a515abd7

include/net/netlink.h

+3 −1
Original line number Diff line number Diff line
@@ -520,9 +520,11 @@ static inline void *nlmsg_get_pos(struct sk_buff *skb) 
 */

static inline void nlmsg_trim(struct sk_buff *skb, const void *mark)

{

	if (mark)

	if (mark) {

		WARN_ON((unsigned char *) mark < skb->data);

		skb_trim(skb, (unsigned char *) mark - skb->data);

	}

}



/**

 * nlmsg_cancel - Cancel construction of a netlink message