netlink: have length check of rtnl msg before deref

When the legacy array rtm_min still exists, the length check within these functions is covered by rtm_min[RTM_NEWTFILTER], rtm_min[RTM_NEWQDISC] and rtm_min[RTM_NEWTCLASS]. But after Thomas Graf removed rtm_min several days ago, these checks are missing. Other doit functions should be OK. Signed-off-by: Hong Zhiguo <honkiko@gmail.com> Acked-by: Thomas Graf <tgraf@suug.ch> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Hong zhi guo <honkiko@gmail.com> 2013-03-25 13:36:33 -0400
committer: David S. Miller <davem@davemloft.net> 2013-03-26 12:35:27 -0400
commit: de179c8c12e9e5a292269fa59e7c26ca797dc7bf (patch)
tree: e14c3f431303e9fd538395bd4669fe9255252d7d /net/sched/cls_api.c
parent: 8dc57da2e23085642cad20d11385e13e079715c4 (diff)
1 files changed, 5 insertions, 4 deletions
diff --git a/net/sched/cls_api.c b/net/sched/cls_api.c
index 9a04b981bc13..9d71d4ded53b 100644
--- a/net/sched/cls_api.c
+++ b/net/sched/cls_api.c
@@ -141,7 +141,12 @@ static int tc_ctl_tfilter(struct sk_buff *skb, struct nlmsghdr *n)
        if ((n->nlmsg_type != RTM_GETTFILTER) && !capable(CAP_NET_ADMIN))
                return -EPERM;
 replay:
+        err = nlmsg_parse(n, sizeof(*t), tca, TCA_MAX, NULL);
+        if (err < 0)
+                return err;
        t = nlmsg_data(n);
        protocol = TC_H_MIN(t->tcm_info);
        prio = TC_H_MAJ(t->tcm_info);
@@ -164,10 +169,6 @@ replay:
        if (dev == NULL)
                return -ENODEV;
-        err = nlmsg_parse(n, sizeof(*t), tca, TCA_MAX, NULL);
-        if (err < 0)
-                return err;
        /* Find qdisc */
        if (!parent) {
                q = dev->qdisc;
author	Hong zhi guo <honkiko@gmail.com>	2013-03-25 13:36:33 -0400
committer	David S. Miller <davem@davemloft.net>	2013-03-26 12:35:27 -0400
commit	de179c8c12e9e5a292269fa59e7c26ca797dc7bf (patch)
tree	e14c3f431303e9fd538395bd4669fe9255252d7d /net/sched/cls_api.c
parent	8dc57da2e23085642cad20d11385e13e079715c4 (diff)