[NETFILTER]: Fix undersized skb allocation in ipt_ULOG/ebt_ulog/nfnetlink_log

The skb allocated is always of size nlbufsize, even if that is smaller than
the size needed for the current packet.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>

1 files changed, 11 insertions, 7 deletions

diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c
index 50787af86d7d..3b3c781b40c0 100644
--- a/net/netfilter/nfnetlink_log.c
+++ b/net/netfilter/nfnetlink_log.c
@@ -314,24 +314,28 @@ static struct sk_buff *nfulnl_alloc_skb(unsigned int inst_size,
                                         unsigned int pkt_size)
 {
         struct sk_buff *skb;
+        unsigned int n;
 
         UDEBUG("entered (%u, %u)\n", inst_size, pkt_size);
 
         /* alloc skb which should be big enough for a whole multipart
          * message.  WARNING: has to be <= 128k due to slab restrictions */
 
-        skb = alloc_skb(inst_size, GFP_ATOMIC);
+        n = max(inst_size, pkt_size);
+        skb = alloc_skb(n, GFP_ATOMIC);
         if (!skb) {
                 PRINTR("nfnetlink_log: can't alloc whole buffer (%u bytes)\n",
                         inst_size);
 
-                /* try to allocate only as much as we need for current
-                 * packet */
+                if (n > pkt_size) {
+                        /* try to allocate only as much as we need for current
+                         * packet */
 
-                skb = alloc_skb(pkt_size, GFP_ATOMIC);
-                if (!skb)
-                        PRINTR("nfnetlink_log: can't even alloc %u bytes\n",
-                                pkt_size);
+                        skb = alloc_skb(pkt_size, GFP_ATOMIC);
+                        if (!skb)
+                                PRINTR("nfnetlink_log: can't even alloc %u "
+                                       "bytes\n", pkt_size);
+                }
         }
 
         return skb;