Commit f0d835835ba30686dc085e98c8eeac0b9c26e3b2

Authored by Pablo Neira Ayuso
Committed by David S. Miller
1 parent 1cde64365b

[NETFILTER]: nfnetlink_queue: fix nfnetlink message size

Fix oversized message, use NLMSG_SPACE just once since it reserves space
for the netlink header and NFA_SPACE for every attribute.

Thanks to Harald Welte for the feedback

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>

Showing 1 changed file with 10 additions and 9 deletions

net/netfilter/nfnetlink_queue.c
... ... @@ -354,16 +354,17 @@
354 354 QDEBUG("entered\n");
355 355  
356 356 /* all macros expand to constant values at compile time */
357   - size = NLMSG_SPACE(sizeof(struct nfqnl_msg_packet_hdr))
358   - + NLMSG_SPACE(sizeof(u_int32_t)) /* ifindex */
359   - + NLMSG_SPACE(sizeof(u_int32_t)) /* ifindex */
  357 + size = NLMSG_SPACE(sizeof(struct nfgenmsg)) +
  358 + + NFA_SPACE(sizeof(struct nfqnl_msg_packet_hdr))
  359 + + NFA_SPACE(sizeof(u_int32_t)) /* ifindex */
  360 + + NFA_SPACE(sizeof(u_int32_t)) /* ifindex */
360 361 #ifdef CONFIG_BRIDGE_NETFILTER
361   - + NLMSG_SPACE(sizeof(u_int32_t)) /* ifindex */
362   - + NLMSG_SPACE(sizeof(u_int32_t)) /* ifindex */
  362 + + NFA_SPACE(sizeof(u_int32_t)) /* ifindex */
  363 + + NFA_SPACE(sizeof(u_int32_t)) /* ifindex */
363 364 #endif
364   - + NLMSG_SPACE(sizeof(u_int32_t)) /* mark */
365   - + NLMSG_SPACE(sizeof(struct nfqnl_msg_packet_hw))
366   - + NLMSG_SPACE(sizeof(struct nfqnl_msg_packet_timestamp));
  365 + + NFA_SPACE(sizeof(u_int32_t)) /* mark */
  366 + + NFA_SPACE(sizeof(struct nfqnl_msg_packet_hw))
  367 + + NFA_SPACE(sizeof(struct nfqnl_msg_packet_timestamp));
367 368  
368 369 outdev = entinf->outdev;
369 370  
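Review bot: the new first line of the sum, `size = NLMSG_SPACE(sizeof(struct nfgenmsg)) +`, ends with a `+` while the next line also begins with `+`, so the second one parses as a unary plus. The value is the same, but it reads like a typo; drop the trailing `+` so the line matches the leading-operator style used for the rest of the expression. While these lines are being touched, the four `/* ifindex */` comments are identical: naming which device index each attribute carries, especially the two under CONFIG_BRIDGE_NETFILTER, would make it easier to check this size calculation against the attributes that are actually emitted.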
... ... @@ -388,7 +389,7 @@
388 389 else
389 390 data_len = queue->copy_range;
390 391  
391   - size += NLMSG_SPACE(data_len);
  392 + size += NFA_SPACE(data_len);
392 393 break;
393 394  
394 395 default:
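Review bot: `size += NFA_SPACE(data_len)` adds an attribute header and alignment padding on top of a `data_len` that, in the `else` branch shown, comes straight from `queue->copy_range`. The declarations of `size` and `data_len` are not visible in this hunk, so please confirm that copy_range is bounded so this addition cannot wrap, and that the code that later writes the payload attribute uses the matching NFA length macros, so the bytes written agree with the bytes reserved here. A short comment on this line saying it accounts for the packet payload attribute, in the style of the `/* mark */` comment in the earlier hunk, would also help.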