diff options
author | Hoang Le <hoang.h.le@dektech.com.au> | 2020-12-15 10:31:51 +0700 |
---|---|---|
committer | Jakub Kicinski <kuba@kernel.org> | 2020-12-16 12:45:02 -0800 |
commit | c32c928d29deb2636e5889f59305cc15b004909f (patch) | |
tree | 0a502fc7b5170e2c3ccdb823e43825e6cb5983fd /net | |
parent | 023cae857b347b6f5577eebade21a843f3621f85 (diff) | |
download | lwn-c32c928d29deb2636e5889f59305cc15b004909f.tar.gz lwn-c32c928d29deb2636e5889f59305cc15b004909f.zip |
tipc: do sanity check payload of a netlink message
When we initialize nlmsghdr with no payload inside tipc_nl_compat_dumpit()
the parsing function returns -EINVAL. We fix it by making the parsing call
conditional.
Acked-by: Jon Maloy <jmaloy@redhat.com>
Signed-off-by: Hoang Le <hoang.h.le@dektech.com.au>
Link: https://lore.kernel.org/r/20201215033151.76139-1-hoang.h.le@dektech.com.au
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Diffstat (limited to 'net')
-rw-r--r-- | net/tipc/netlink_compat.c | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/net/tipc/netlink_compat.c b/net/tipc/netlink_compat.c index 82f154989418..5a1ce64039f7 100644 --- a/net/tipc/netlink_compat.c +++ b/net/tipc/netlink_compat.c @@ -213,12 +213,14 @@ static int __tipc_nl_compat_dumpit(struct tipc_nl_compat_cmd_dump *cmd, } info.attrs = attrbuf; - err = nlmsg_parse_deprecated(cb.nlh, GENL_HDRLEN, attrbuf, - tipc_genl_family.maxattr, - tipc_genl_family.policy, NULL); - if (err) - goto err_out; + if (nlmsg_len(cb.nlh) > 0) { + err = nlmsg_parse_deprecated(cb.nlh, GENL_HDRLEN, attrbuf, + tipc_genl_family.maxattr, + tipc_genl_family.policy, NULL); + if (err) + goto err_out; + } do { int rem; |