Re: [PATCH 4/7] ip6: Perform sanity checks before processing nduseropt messages



On Fri, 2011-09-09 at 11:39 +0200, Thomas Graf wrote:
> Verifies that the provided message consists of the nduseropt header
> followed by an array of options as specified in the header.

I assume for libnl1 we use nlmsg_len() instead of nlmsg_datalen()?

Dan

> ---
>  src/ip6-manager/nm-ip6-manager.c |    7 +++++++
>  1 files changed, 7 insertions(+), 0 deletions(-)
> 
> diff --git a/src/ip6-manager/nm-ip6-manager.c b/src/ip6-manager/nm-ip6-manager.c
> index a8e88be..721d43b 100644
> --- a/src/ip6-manager/nm-ip6-manager.c
> +++ b/src/ip6-manager/nm-ip6-manager.c
> @@ -911,6 +911,13 @@ process_nduseropt (NMIP6Manager *manager, struct nl_msg *msg)
>  
>  	ndmsg = (struct nduseroptmsg *) NLMSG_DATA (nlmsg_hdr (msg));
>  
> +	if (!nlmsg_valid_hdr (nlmsg_hdr (msg), sizeof (*ndmsg)) ||
> +	    nlmsg_datalen (nlmsg_hdr (msg)) <
> +		(ndmsg->nduseropt_opts_len + sizeof (*ndmsg))) {
> +		nm_log_dbg (LOGD_IP6, "ignoring invalid nduseropt message");
> +		return NULL;
> +	}
> +
>  	if (ndmsg->nduseropt_family != AF_INET6 ||
>  		ndmsg->nduseropt_icmp_type != ND_ROUTER_ADVERT ||
>  		ndmsg->nduseropt_icmp_code != 0) {
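
Review bot: The new condition is only safe because of operand order: the second operand reads ndmsg->nduseropt_opts_len, and that read is covered only because nlmsg_valid_hdr (nlmsg_hdr (msg), sizeof (*ndmsg)) is evaluated first and short-circuits the `||`. A one-line comment saying so would keep a later reorder or split of the condition from reading the field out of a message too short to hold the header. Holding nlmsg_hdr (msg) in a local would also remove the three repeated calls and make the comparison easier to read. The debug message gives no lengths; logging the nlmsg_datalen () result next to nduseropt_opts_len would show which bound failed. This check bounds the option array as a whole, so the per-option lengths inside the array are not covered by it.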



