[PATCH 4/7] ip6: Perform sanity checks before processing nduseropt messages

From: Thomas Graf <tgraf redhat com>
To: dcbw redhat com
Cc: Thomas Graf <tgraf redhat com>, networkmanager-list gnome org
Subject: [PATCH 4/7] ip6: Perform sanity checks before processing nduseropt messages
Date: Fri, 9 Sep 2011 11:39:06 +0200

Verifies that the provided message consists of the nduseropt header
followed by an array of options as specified in the header.
---
 src/ip6-manager/nm-ip6-manager.c |    7 +++++++
 1 files changed, 7 insertions(+), 0 deletions(-)

diff --git a/src/ip6-manager/nm-ip6-manager.c b/src/ip6-manager/nm-ip6-manager.c
index a8e88be..721d43b 100644
--- a/src/ip6-manager/nm-ip6-manager.c
+++ b/src/ip6-manager/nm-ip6-manager.c
@@ -911,6 +911,13 @@ process_nduseropt (NMIP6Manager *manager, struct nl_msg *msg)
 
 	ndmsg = (struct nduseroptmsg *) NLMSG_DATA (nlmsg_hdr (msg));
 
+	if (!nlmsg_valid_hdr (nlmsg_hdr (msg), sizeof (*ndmsg)) ||
+	    nlmsg_datalen (nlmsg_hdr (msg)) <
+		(ndmsg->nduseropt_opts_len + sizeof (*ndmsg))) {
+		nm_log_dbg (LOGD_IP6, "ignoring invalid nduseropt message");
+		return NULL;
+	}
+
 	if (ndmsg->nduseropt_family != AF_INET6 ||
 		ndmsg->nduseropt_icmp_type != ND_ROUTER_ADVERT ||
 		ndmsg->nduseropt_icmp_code != 0) {
-- 
1.7.6

Follow-Ups:
- Re: [PATCH 4/7] ip6: Perform sanity checks before processing nduseropt messages
  - From: Dan Williams

References:
- [PATCH 0/7] Various libnl related fixes
  - From: Thomas Graf

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]