1 files changed, 9 insertions, 14 deletions
diff --git a/net/netfilter/nfnetlink.c b/net/netfilter/nfnetlink.c
index b8ab37ad7ed5..9dbd5709aad7 100644
--- a/net/netfilter/nfnetlink.c
+++ b/net/netfilter/nfnetlink.c
@@ -136,7 +136,7 @@ static int nfnetlink_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
                return -EPERM;
        /* All the messages must at least contain nfgenmsg */
-        if (nlh->nlmsg_len < NLMSG_SPACE(sizeof(struct nfgenmsg)))
+        if (nlh->nlmsg_len < NLMSG_LENGTH(sizeof(struct nfgenmsg)))
                return 0;
        type = nlh->nlmsg_type;
@@ -160,19 +160,14 @@ replay:
        {
                int min_len = NLMSG_SPACE(sizeof(struct nfgenmsg));
                u_int8_t cb_id = NFNL_MSG_TYPE(nlh->nlmsg_type);
-                u_int16_t attr_count = ss->cb[cb_id].attr_count;
+                struct nlattr *cda[ss->cb[cb_id].attr_count + 1];
-                struct nlattr *cda[attr_count+1];
+                struct nlattr *attr = (void *)nlh + min_len;
+                int attrlen = nlh->nlmsg_len - min_len;
-                if (likely(nlh->nlmsg_len >= min_len)) {
-                        struct nlattr *attr = (void *)nlh + NLMSG_ALIGN(min_len);
+                err = nla_parse(cda, ss->cb[cb_id].attr_count,
-                        int attrlen = nlh->nlmsg_len - NLMSG_ALIGN(min_len);
+                                attr, attrlen, ss->cb[cb_id].policy);
+                if (err < 0)
-                        err = nla_parse(cda, attr_count, attr, attrlen,
+                        return err;
-                                        ss->cb[cb_id].policy);
-                        if (err < 0)
-                                return err;
-                } else
-                        return -EINVAL;
                err = nc->call(nfnl, skb, nlh, cda);
                if (err == -EAGAIN)

diff --git a/net/netfilter/nfnetlink.c b/net/netfilter/nfnetlink.c index b8ab37ad7ed5..9dbd5709aad7 100644 --- a/net/netfilter/nfnetlink.c +++ b/net/netfilter/nfnetlink.c
@@ -136,7 +136,7 @@ static int nfnetlink_rcv_msg(struct sk_buff skb, struct nlmsghdr nlh)
136	return -EPERM;	136	return -EPERM;
137		137
138	/* All the messages must at least contain nfgenmsg */	138	/* All the messages must at least contain nfgenmsg */
139	if (nlh->nlmsg_len < NLMSG_SPACE(sizeof(struct nfgenmsg)))	139	if (nlh->nlmsg_len < NLMSG_LENGTH(sizeof(struct nfgenmsg)))
140	return 0;	140	return 0;
141		141
142	type = nlh->nlmsg_type;	142	type = nlh->nlmsg_type;
@@ -160,19 +160,14 @@ replay:
160	{	160	{
161	int min_len = NLMSG_SPACE(sizeof(struct nfgenmsg));	161	int min_len = NLMSG_SPACE(sizeof(struct nfgenmsg));
162	u_int8_t cb_id = NFNL_MSG_TYPE(nlh->nlmsg_type);	162	u_int8_t cb_id = NFNL_MSG_TYPE(nlh->nlmsg_type);
163	u_int16_t attr_count = ss->cb[cb_id].attr_count;	163	struct nlattr *cda[ss->cb[cb_id].attr_count + 1];
164	struct nlattr *cda[attr_count+1];	164	struct nlattr attr = (void )nlh + min_len;
165		165	int attrlen = nlh->nlmsg_len - min_len;
166	if (likely(nlh->nlmsg_len >= min_len)) {	166
167	struct nlattr attr = (void )nlh + NLMSG_ALIGN(min_len);	167	err = nla_parse(cda, ss->cb[cb_id].attr_count,
168	int attrlen = nlh->nlmsg_len - NLMSG_ALIGN(min_len);	168	attr, attrlen, ss->cb[cb_id].policy);
169		169	if (err < 0)
170	err = nla_parse(cda, attr_count, attr, attrlen,	170	return err;
171	ss->cb[cb_id].policy);
172	if (err < 0)
173	return err;
174	} else
175	return -EINVAL;
176		171
177	err = nc->call(nfnl, skb, nlh, cda);	172	err = nc->call(nfnl, skb, nlh, cda);
178	if (err == -EAGAIN)	173	if (err == -EAGAIN)