summaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorThomas Graf <tgraf@suug.ch>2015-01-06 01:04:21 +0100
committerDavid S. Miller <davem@davemloft.net>2015-01-06 04:38:22 +0100
commit149118d89355fb0e1a898f47977f8ae9be8e14e7 (patch)
treece3d14e96bbebea22427f2d0d61ee52d840d007e /include
parentMerge branch 'cxgb4-next' (diff)
downloadlinux-149118d89355fb0e1a898f47977f8ae9be8e14e7.tar.xz
linux-149118d89355fb0e1a898f47977f8ae9be8e14e7.zip
netlink: Warn on unordered or illegal nla_nest_cancel() or nlmsg_cancel()
Calling nla_nest_cancel() in a different order as the nesting was built up can lead to negative offsets being calculated which results in skb_trim() being called with an underflowed unsigned int. Warn if mark < skb->data as it's definitely a bug. Signed-off-by: Thomas Graf <tgraf@suug.ch> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to '')
-rw-r--r--include/net/netlink.h4
1 files changed, 3 insertions, 1 deletions
diff --git a/include/net/netlink.h b/include/net/netlink.h
index 64158353ecb2..d5869b90bfbb 100644
--- a/include/net/netlink.h
+++ b/include/net/netlink.h
@@ -520,8 +520,10 @@ static inline void *nlmsg_get_pos(struct sk_buff *skb)
*/
static inline void nlmsg_trim(struct sk_buff *skb, const void *mark)
{
- if (mark)
+ if (mark) {
+ WARN_ON((unsigned char *) mark < skb->data);
skb_trim(skb, (unsigned char *) mark - skb->data);
+ }
}
/**