projects
/
platform
/
upstream
/
libnl2.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
596ab47
)
lib: check for integer-overflow in nlmsg_reserve()
57/222357/1
accepted/tizen_4.0_unified
tizen_4.0
accepted/tizen/4.0/unified/20200117.010751
submit/tizen_4.0/20200116.015004
author
Seonah Moon
<seonah1.moon@samsung.com>
Tue, 14 Jan 2020 04:25:47 +0000
(13:25 +0900)
committer
Seonah Moon
<seonah1.moon@samsung.com>
Tue, 14 Jan 2020 04:25:50 +0000
(13:25 +0900)
CVE-2017-0553
http://git.infradead.org/users/tgr/libnl.git/commit/
3e18948f17148e6a3c4255bdeaaf01ef6081ceeb
Change-Id: I0dd48fdc70d09d86679f1965225cf8f86bb87968
lib/msg.c
patch
|
blob
|
history
diff --git
a/lib/msg.c
b/lib/msg.c
index
9fe9d54
..
91b86cb
100644
(file)
--- a/
lib/msg.c
+++ b/
lib/msg.c
@@
-518,6
+518,9
@@
void *nlmsg_reserve(struct nl_msg *n, size_t len, int pad)
size_t nlmsg_len = n->nm_nlh->nlmsg_len;
size_t tlen;
+ if (len > n->nm_size)
+ return NULL;
+
tlen = pad ? ((len + (pad - 1)) & ~(pad - 1)) : len;
if ((tlen + nlmsg_len) > n->nm_size)