This patch fixes a bug in the __cn_rx_skb() routine when checking the
size of the netlink message.
It applies to 2.6.12-rc1-mm3.
Signed-off-by: Evgeniy Polyakov <[EMAIL PROTECTED]>
---
connector.c | 9 ++++-----
1 files changed, 4 insertions(+), 5 deletions(-)
Index: linux-2.6.12-rc1-mm3-cnfork/drivers/connector/connector.c
===================================================================
--- linux-2.6.12-rc1-mm3-cnfork.orig/drivers/connector/connector.c
2005-03-25 10:42:57.000000000 +0100
+++ linux-2.6.12-rc1-mm3-cnfork/drivers/connector/connector.c 2005-03-25
10:43:16.000000000 +0100
@@ -168,12 +168,11 @@ static int __cn_rx_skb(struct sk_buff *s
group = NETLINK_CB((skb)).groups;
msg = (struct cn_msg *)NLMSG_DATA(nlh);
- if (msg->len != nlh->nlmsg_len - sizeof(*msg) - sizeof(*nlh)) {
+ if (NLMSG_SPACE(msg->len + sizeof(*msg)) != nlh->nlmsg_len) {
printk(KERN_ERR "skb does not have enough length: "
- "requested msg->len=%u[%u],
nlh->nlmsg_len=%u[%u], skb->len=%u[must be %u].\n",
- msg->len, NLMSG_SPACE(msg->len),
- nlh->nlmsg_len, nlh->nlmsg_len - sizeof(*nlh),
- skb->len, msg->len + sizeof(*msg));
+ "requested msg->len=%u[%u], nlh->nlmsg_len=%u,
skb->len=%u.\n",
+ msg->len, NLMSG_SPACE(msg->len + sizeof(*msg)),
+ nlh->nlmsg_len, skb->len);
kfree_skb(skb);
return -EINVAL;
}
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
