Perform range check on len in nlmsg_reserve am: f83d9c1c67 am: d42374324d am: d9f824b744 am: 25edb109fc am: b0a4ed4800 am: 65d4de583a am: 45c4ce4768 am: 642a497f9c am: 170a7d24f4 am: 0a37ab0fdd

am: 1ff6ec5e40 Change-Id: If146c702bff80b8b6803567c10f98d5096653b1e
author: Paul Stewart <pstew@google.com> 2017-02-10 00:10:18 +0000
committer: android-build-merger <android-build-merger@google.com> 2017-02-10 00:10:18 +0000
commit: a1fbdcb6df21c71c26249a3f84a43a83370b9cf6 (patch)
tree: cde2bac0f3869b0893b2d9c16efdf41c0a8b7d96
parent: be91606750d5313cc6087faa29a91bb88113d7b6 (diff)
parent: 1ff6ec5e4092edfd244347c650cf9dd1a6d609a9 (diff)
download: libnl-a1fbdcb6df21c71c26249a3f84a43a83370b9cf6.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/lib/msg.c b/lib/msg.c
index bcf1aa8d..01e533dc 100644
--- a/lib/msg.c
+++ b/lib/msg.c
@@ -410,6 +410,9 @@ void *nlmsg_reserve(struct nl_msg *n, size_t len, int pad)
 	size_t nlmsg_len = n->nm_nlh->nlmsg_len;
 	size_t tlen;
 
+	if (len > n->nm_size)
+		return NULL;
+
 	tlen = pad ? ((len + (pad - 1)) & ~(pad - 1)) : len;
 
 	if ((tlen + nlmsg_len) > n->nm_size)
author	Paul Stewart <pstew@google.com>	2017-02-10 00:10:18 +0000
committer	android-build-merger <android-build-merger@google.com>	2017-02-10 00:10:18 +0000
commit	a1fbdcb6df21c71c26249a3f84a43a83370b9cf6 (patch)
tree	cde2bac0f3869b0893b2d9c16efdf41c0a8b7d96
parent	be91606750d5313cc6087faa29a91bb88113d7b6 (diff)
parent	1ff6ec5e4092edfd244347c650cf9dd1a6d609a9 (diff)
download	libnl-a1fbdcb6df21c71c26249a3f84a43a83370b9cf6.tar.gz