ip6: Perform sanity check before processing prefix messages
authorThomas Graf <tgraf@redhat.com>
Fri, 9 Sep 2011 09:39:07 +0000 (11:39 +0200)
committerDan Williams <dcbw@redhat.com>
Tue, 13 Sep 2011 05:08:30 +0000 (00:08 -0500)
Verifies that the provided message consists of at least the prefix header.

src/ip6-manager/nm-ip6-manager.c

index 721d43b..c734139 100644 (file)
@@ -624,6 +624,11 @@ process_prefix (NMIP6Manager *manager, struct nl_msg *msg)
 
        nm_log_dbg (LOGD_IP6, "processing netlink new prefix message");
 
+       if (!nlmsg_valid_hdr (nlmsg_hdr (msg), sizeof(*pmsg))) {
+               nm_log_dbg (LOGD_IP6, "ignoring invalid prefix message");
+               return NULL;
+       }
+
        pmsg = (struct prefixmsg *) NLMSG_DATA (nlmsg_hdr (msg));
        device = nm_ip6_manager_get_device (manager, pmsg->prefix_ifindex);