2005-03-17 09:04:38

by Guillaume Thouvenin

Subject: [patch 2/2] fork_connector: fix problem in the message length

This patch fixes a bug in the __cn_rx_skb() routine when checking the
size of the netlink message.

It applies to 2.6.11-mm4.

Signed-off-by: Evgeniy Polyakov <[email protected]>
---

connector.c | 9 ++++-----
1 files changed, 4 insertions(+), 5 deletions(-)

Index: linux-2.6.11-mm4-cnfork/drivers/connector/connector.c
===================================================================
--- linux-2.6.11-mm4-cnfork.orig/drivers/connector/connector.c 2005-03-16 14:21:46.000000000 +0100
+++ linux-2.6.11-mm4-cnfork/drivers/connector/connector.c 2005-03-16 14:51:04.000000000 +0100
@@ -168,12 +168,11 @@
group = NETLINK_CB((skb)).groups;
msg = (struct cn_msg *)NLMSG_DATA(nlh);

- if (msg->len != nlh->nlmsg_len - sizeof(*msg) - sizeof(*nlh)) {
+ if (NLMSG_SPACE(msg->len + sizeof(*msg)) != nlh->nlmsg_len) {
printk(KERN_ERR "skb does not have enough length: "
- "requested msg->len=%u[%u], nlh->nlmsg_len=%u[%u], skb->len=%u[must be %u].\n",
- msg->len, NLMSG_SPACE(msg->len),
- nlh->nlmsg_len, nlh->nlmsg_len - sizeof(*nlh),
- skb->len, msg->len + sizeof(*msg));
+ "requested msg->len=%u[%u], nlh->nlmsg_len=%u, skb->len=%u.\n",
+ msg->len, NLMSG_SPACE(msg->len + sizeof(*msg)),
+ nlh->nlmsg_len, skb->len);
kfree_skb(skb);
return -EINVAL;
}
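
Review bot: The new condition compares nlh->nlmsg_len against NLMSG_SPACE(msg->len + sizeof(*msg)), and NLMSG_SPACE() rounds the total up to the netlink alignment, so a sender that fills nlmsg_len with the unpadded NLMSG_LENGTH() value and has a msg->len that is not a multiple of the alignment will now get -EINVAL. If padded lengths are the intended contract, say so in a comment above the check (and in the connector documentation); otherwise compare against NLMSG_LENGTH(msg->len + sizeof(*msg)). Two smaller points on the same lines: the test is an exact equality, so it also fires when nlmsg_len is larger than expected, and the printk text "skb does not have enough length" no longer describes it; something like "length mismatch" would be more accurate. Also, skb->len is only printed here and both sides of the comparison come from the message itself (msg->len and nlh->nlmsg_len), so unless an earlier check outside this hunk already bounds nlmsg_len by skb->len, that check should be added before msg is dereferenced.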