From 1134eee1e613ca0ffcfc2ee19aac4be2f4bc8e5f Mon Sep 17 00:00:00 2001 From: Thomas Graf Date: Fri, 9 Sep 2011 11:39:07 +0200 Subject: [PATCH] ip6: Perform sanity check before processing prefix messages Verifies that the provided message consists of at least the prefix header. --- src/ip6-manager/nm-ip6-manager.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/ip6-manager/nm-ip6-manager.c b/src/ip6-manager/nm-ip6-manager.c index 721d43b4ea..c734139024 100644 --- a/src/ip6-manager/nm-ip6-manager.c +++ b/src/ip6-manager/nm-ip6-manager.c @@ -624,6 +624,11 @@ process_prefix (NMIP6Manager *manager, struct nl_msg *msg) nm_log_dbg (LOGD_IP6, "processing netlink new prefix message"); + if (!nlmsg_valid_hdr (nlmsg_hdr (msg), sizeof(*pmsg))) { + nm_log_dbg (LOGD_IP6, "ignoring invalid prefix message"); + return NULL; + } + pmsg = (struct prefixmsg *) NLMSG_DATA (nlmsg_hdr (msg)); device = nm_ip6_manager_get_device (manager, pmsg->prefix_ifindex);