lib: check for integer-overflow in nlmsg_reserve()
In general, libnl functions are not robust against calling with
invalid arguments. Thus, never call libnl functions with invalid
arguments. In case of nlmsg_reserve() this means never provide
a @len argument that causes overflow.
Still, add an additional safeguard to avoid exploiting such bugs.
Assume that @pad is a trusted, small integer.
Assume that n->nm_size is a valid number of allocated bytes (and thus
much smaller then SIZE_T_MAX).
Assume, that @len may be set to an untrusted value. Then the patch
avoids an integer overflow resulting in reserving too few bytes.
http://git.infradead.org/users/tgr/libnl.git/commit/
3e18948f17148e6a3c4255bdeaaf01ef6081ceeb
Fix CVE-2017-0553
Change-Id: Ia9ad5040d866d2cc4c1c76eac5275d66edda338b
Signed-off-by: Cheoleun Moon <chleun.moon@samsung.com>
route: remove unnecessary include of private linux/if.h
Including linux/if.h in netlink/route/link.h causes issues
in cases where libnl is used in conjuntion with other third
party libraries that include net/if.h. Seems to be a long
checkered history of symbol collisions between these two
files. As it turns out, including linux/if.h from within
netlink/route/link.h is actually unecessary. I resurrected
a forgotten path from this thread:
http://lists.infradead.org/pipermail/libnl/2012-April/000525.html
By removing the include as the patch suggests we can get
around the nuissance of the symbol collisions.
https://github.com/thom311/libnl/pull/73
Note: This patch is backported from
http://git.infradead.org/users/tgr/libnl.git/patch/
50a76998ac36ace3716d3c979b352fac73cfc80a
Change-Id: I6651c84e55870963825180c2732de581e6bb0ab6
Signed-off-by: Nishant Chaprana <n.chaprana@samsung.com>
projects / platform / upstream / libnl3.git / log