From 8b8a46cb65e5b2af73dc6123afd03e2179992b9e Mon Sep 17 00:00:00 2001
From: Seonah Moon <seonah1.moon@samsung.com>
Date: Tue, 14 Jan 2020 13:25:47 +0900
Subject: [PATCH] lib: check for integer-overflow in nlmsg_reserve()

CVE-2017-0553
http://git.infradead.org/users/tgr/libnl.git/commit/3e18948f17148e6a3c4255bdeaaf01ef6081ceeb

Change-Id: I0dd48fdc70d09d86679f1965225cf8f86bb87968
---
 lib/msg.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/lib/msg.c b/lib/msg.c
index 9fe9d54..91b86cb 100644
--- a/lib/msg.c
+++ b/lib/msg.c
@@ -518,6 +518,9 @@ void *nlmsg_reserve(struct nl_msg *n, size_t len, int pad)
 	size_t nlmsg_len = n->nm_nlh->nlmsg_len;
 	size_t tlen;
 
+	if (len > n->nm_size)
+		return NULL;
+
 	tlen = pad ? ((len + (pad - 1)) & ~(pad - 1)) : len;
 
 	if ((tlen + nlmsg_len) > n->nm_size)
-- 
2.7.4