From 513130154d7af9f5b58602aeb00765629479d02e Mon Sep 17 00:00:00 2001 From: Jesse Gross Date: Mon, 28 Feb 2011 14:32:33 -0800 Subject: [PATCH] datapath: Check packet len does not exceed attribute len. Netlink attributes have a maximum length of 64k. It's theoretically possible that a packet could exceed this length, so check for it before we try to send the packet to userspace. Signed-off-by: Jesse Gross Acked-by: Ben Pfaff --- datapath/datapath.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/datapath/datapath.c b/datapath/datapath.c index 69b524c5..ebfc2e99 100644 --- a/datapath/datapath.c +++ b/datapath/datapath.c @@ -492,6 +492,9 @@ static int queue_control_packets(struct datapath *dp, struct sk_buff *skb, if (unlikely(err)) goto err_kfree_skbs; + if (nla_attr_size(skb->len) > USHRT_MAX) + goto err_kfree_skbs; + len = sizeof(struct odp_header); len += nla_total_size(skb->len); len += nla_total_size(FLOW_BUFSIZE); -- 2.30.2