diff options
author | Patrick McHardy <kaber@trash.net> | 2006-02-04 11:13:57 +0100 |
---|---|---|
committer | David S. Miller <davem@sunset.davemloft.net> | 2006-02-05 08:51:19 +0100 |
commit | ad2ad0f96546d6d56b2665bcc863c33ae57c49c4 (patch) | |
tree | 9c5f6357bd7a0ecb4748acfaf19a04ea3149707b /net/ipv4 | |
parent | [NETFILTER]: ULOG/nfnetlink_log: Use better default value for 'nlbufsiz' (diff) | |
download | linux-ad2ad0f96546d6d56b2665bcc863c33ae57c49c4.tar.xz linux-ad2ad0f96546d6d56b2665bcc863c33ae57c49c4.zip |
[NETFILTER]: Fix undersized skb allocation in ipt_ULOG/ebt_ulog/nfnetlink_log
The skb allocated is always of size nlbufsize, even if that is smaller than
the size needed for the current packet.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4')
-rw-r--r-- | net/ipv4/netfilter/ipt_ULOG.c | 20 |
1 files changed, 12 insertions, 8 deletions
diff --git a/net/ipv4/netfilter/ipt_ULOG.c b/net/ipv4/netfilter/ipt_ULOG.c index 2fe64133bba3..180a9ea57b69 100644 --- a/net/ipv4/netfilter/ipt_ULOG.c +++ b/net/ipv4/netfilter/ipt_ULOG.c @@ -147,22 +147,26 @@ static void ulog_timer(unsigned long data) static struct sk_buff *ulog_alloc_skb(unsigned int size) { struct sk_buff *skb; + unsigned int n; /* alloc skb which should be big enough for a whole * multipart message. WARNING: has to be <= 131000 * due to slab allocator restrictions */ - skb = alloc_skb(nlbufsiz, GFP_ATOMIC); + n = max(size, nlbufsiz); + skb = alloc_skb(n, GFP_ATOMIC); if (!skb) { - PRINTR("ipt_ULOG: can't alloc whole buffer %ub!\n", - nlbufsiz); + PRINTR("ipt_ULOG: can't alloc whole buffer %ub!\n", n); - /* try to allocate only as much as we need for - * current packet */ + if (n > size) { + /* try to allocate only as much as we need for + * current packet */ - skb = alloc_skb(size, GFP_ATOMIC); - if (!skb) - PRINTR("ipt_ULOG: can't even allocate %ub\n", size); + skb = alloc_skb(size, GFP_ATOMIC); + if (!skb) + PRINTR("ipt_ULOG: can't even allocate %ub\n", + size); + } } return skb; |