From: Mateusz Jurczyk
Date: Wed, 7 Jun 2017 16:41:57 +0200
> On Wed, Jun 7, 2017 at 4:18 PM, Florian Westphal wrote:
>> Mateusz Jurczyk wrote:
>>> Verify that the length of the socket buffer is sufficient to cover the
>>> nlmsghdr
On Wed, Jun 7, 2017 at 4:18 PM, Florian Westphal wrote:
> Mateusz Jurczyk wrote:
>> Verify that the length of the socket buffer is sufficient to cover the
>> nlmsghdr structure before accessing the nlh->nlmsg_len field for further
>> input sanitization. If
Verify that the length of the socket buffer is sufficient to cover the
nlmsghdr structure before accessing the nlh->nlmsg_len field for further
input sanitization. If the client only supplies 1-3 bytes of data in
sk_buff, then nlh->nlmsg_len remains partially uninitialized and
contains leftover
Mateusz Jurczyk wrote:
> Verify that the length of the socket buffer is sufficient to cover the
> nlmsghdr structure before accessing the nlh->nlmsg_len field for further
> input sanitization. If the client only supplies 1-3 bytes of data in
> sk_buff, then nlh->nlmsg_len