From: Sangwan Kwon <sangwan.kwon@samsung.com>
Date: Wed, 5 Feb 2020 06:12:56 +0000 (+0900)
Subject: Prevent integer overflow while reading netlink message
X-Git-Tag: submit/tizen/20200212.014429^0
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=69a93d1b791636d5828c6c9cefc06744a5cad8f5;p=platform%2Fcore%2Fsecurity%2Fklay.git

Prevent integer overflow while reading netlink message

Change-Id: Icc8430bb6090b71620650b9886478ba645a67b64
Signed-off-by: Sangwan Kwon <sangwan.kwon@samsung.com>
---

diff --git a/src/netlink/netlink.cpp b/src/netlink/netlink.cpp
index ea67f5f..7183101 100644
--- a/src/netlink/netlink.cpp
+++ b/src/netlink/netlink.cpp
@@ -19,6 +19,7 @@
 #include <linux/netlink.h>
 
 #include <cstring>
+#include <limits>
 
 #include <klay/error.h>
 #include <klay/exception.h>
@@ -119,6 +120,10 @@ Netlink::Message Netlink::recv(int options)
 
 	struct sockaddr_nl nladdr;
 	socklen_t nladdrlen = sizeof(nladdr);
+
+	if (nlh.nlmsg_len > (std::numeric_limits<decltype(nlh.nlmsg_len)>::max() - NLMSG_HDRLEN))
+		throw klay::Exception("Netlink message is too large.");
+
 	char buf[nlh.nlmsg_len + NLMSG_HDRLEN];
 	do {
 		ret = ::recvfrom(fd, buf, sizeof(buf), options,