netlink: Warn on unordered or illegal nla_nest_cancel() or nlmsg_cancel()
Calling nla_nest_cancel() in a different order as the nesting was built up can lead to negative offsets being calculated which results in skb_trim() being called with an underflowed unsigned int. Warn if mark < skb->data as it's definitely a bug. Signed-off-by: Thomas Graf <tgraf@suug.ch> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
parent
a515abd777
commit
149118d893
|
@ -520,8 +520,10 @@ static inline void *nlmsg_get_pos(struct sk_buff *skb)
|
|||
*/
|
||||
static inline void nlmsg_trim(struct sk_buff *skb, const void *mark)
|
||||
{
|
||||
if (mark)
|
||||
if (mark) {
|
||||
WARN_ON((unsigned char *) mark < skb->data);
|
||||
skb_trim(skb, (unsigned char *) mark - skb->data);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
Loading…
Reference in New Issue