|
@@ -102,7 +102,9 @@ static inline void dnrmg_receive_user_skb(struct sk_buff *skb)
|
|
|
{
|
|
{
|
|
|
struct nlmsghdr *nlh = nlmsg_hdr(skb);
|
|
struct nlmsghdr *nlh = nlmsg_hdr(skb);
|
|
|
|
|
|
|
|
- if (nlh->nlmsg_len < sizeof(*nlh) || skb->len < nlh->nlmsg_len)
|
|
|
|
|
|
|
+ if (skb->len < sizeof(nlh->nlmsg_len) ||
|
|
|
|
|
+ nlh->nlmsg_len < sizeof(*nlh) ||
|
|
|
|
|
+ skb->len < nlh->nlmsg_len)
|
|
|
return;
|
|
return;
|
|
|
|
|
|
|
|
if (!netlink_capable(skb, CAP_NET_ADMIN))
|
|
if (!netlink_capable(skb, CAP_NET_ADMIN))
|
Mateusz Jurczyk