diff options
| -rw-r--r-- | net/core/filter.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/net/core/filter.c b/net/core/filter.c index e08b3822c72a..0e0856f5d708 100644 --- a/net/core/filter.c +++ b/net/core/filter.c | |||
| @@ -600,6 +600,9 @@ static u64 __skb_get_nlattr(u64 ctx, u64 A, u64 X, u64 r4, u64 r5) | |||
| 600 | if (skb_is_nonlinear(skb)) | 600 | if (skb_is_nonlinear(skb)) |
| 601 | return 0; | 601 | return 0; |
| 602 | 602 | ||
| 603 | if (skb->len < sizeof(struct nlattr)) | ||
| 604 | return 0; | ||
| 605 | |||
| 603 | if (A > skb->len - sizeof(struct nlattr)) | 606 | if (A > skb->len - sizeof(struct nlattr)) |
| 604 | return 0; | 607 | return 0; |
| 605 | 608 | ||
| @@ -618,11 +621,14 @@ static u64 __skb_get_nlattr_nest(u64 ctx, u64 A, u64 X, u64 r4, u64 r5) | |||
| 618 | if (skb_is_nonlinear(skb)) | 621 | if (skb_is_nonlinear(skb)) |
| 619 | return 0; | 622 | return 0; |
| 620 | 623 | ||
| 624 | if (skb->len < sizeof(struct nlattr)) | ||
| 625 | return 0; | ||
| 626 | |||
| 621 | if (A > skb->len - sizeof(struct nlattr)) | 627 | if (A > skb->len - sizeof(struct nlattr)) |
| 622 | return 0; | 628 | return 0; |
| 623 | 629 | ||
| 624 | nla = (struct nlattr *) &skb->data[A]; | 630 | nla = (struct nlattr *) &skb->data[A]; |
| 625 | if (nla->nla_len > A - skb->len) | 631 | if (nla->nla_len > skb->len - A) |
| 626 | return 0; | 632 | return 0; |
| 627 | 633 | ||
| 628 | nla = nla_find_nested(nla, X); | 634 | nla = nla_find_nested(nla, X); |