Perform range check on len in nlmsg_reserve am: f83d9c1c67 am: d42374324d am: d9f824b744 am: 25edb109fc am: b0a4ed4800 am: 65d4de583a am: 45c4ce4768 am: 642a497f9c am: 170a7d24f4 am: 0a37ab0fdd am: 1ff6ec5e40

am: a96b31573c Change-Id: I82d5bd8efec6f09becb413ecbcc01e814283243a
author: Paul Stewart <pstew@google.com> 2017-02-10 00:11:48 +0000
committer: android-build-merger <android-build-merger@google.com> 2017-02-10 00:11:48 +0000
commit: adef396d158e0f097eb846bde004d934b7da612e (patch)
tree: cde2bac0f3869b0893b2d9c16efdf41c0a8b7d96
parent: c9bc7966fa26641f0b87acb81c5112e69b653b0c (diff)
parent: a96b31573c9e18cdd5feb9a448479c38e4b7ab80 (diff)
download: libnl-adef396d158e0f097eb846bde004d934b7da612e.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/lib/msg.c b/lib/msg.c
index bcf1aa8d..01e533dc 100644
--- a/lib/msg.c
+++ b/lib/msg.c
@@ -410,6 +410,9 @@ void *nlmsg_reserve(struct nl_msg *n, size_t len, int pad)
 	size_t nlmsg_len = n->nm_nlh->nlmsg_len;
 	size_t tlen;
 
+	if (len > n->nm_size)
+		return NULL;
+
 	tlen = pad ? ((len + (pad - 1)) & ~(pad - 1)) : len;
 
 	if ((tlen + nlmsg_len) > n->nm_size)
author	Paul Stewart <pstew@google.com>	2017-02-10 00:11:48 +0000
committer	android-build-merger <android-build-merger@google.com>	2017-02-10 00:11:48 +0000
commit	adef396d158e0f097eb846bde004d934b7da612e (patch)
tree	cde2bac0f3869b0893b2d9c16efdf41c0a8b7d96
parent	c9bc7966fa26641f0b87acb81c5112e69b653b0c (diff)
parent	a96b31573c9e18cdd5feb9a448479c38e4b7ab80 (diff)
download	libnl-adef396d158e0f097eb846bde004d934b7da612e.tar.gz