libnl: Check data length in nla_reserve / nla_put am: f01b03b81a am: c198930bbb am: 2df2c5fa22 am: 65f43269a0 am: c7d03e591b am: 1ecc7536e5 am: 5399bd1024 am: df24328b6e am: c9e7458d76 am: 1f48630654android-n-mr2-preview-1 n-mr2-preview-1

am: b3659f0c6e Change-Id: Ib6f66542d050d545f0ff7dd9ef8fdae95a94a33a
author: Paul Stewart <pstew@google.com> 2016-11-09 18:21:08 +0000
committer: android-build-merger <android-build-merger@google.com> 2016-11-09 18:21:08 +0000
commit: 3341fa0db98b1f17bec2cf6dd08b50d6e3113655 (patch)
tree: 04fa4ac4fae8a79fa7d78ea929090a6f2a726192
parent: 74c5971cb326393625422ddf3be99e8a50e18fc2 (diff)
parent: b3659f0c6ede969af2c3ffb0336f8d0cd3b7c921 (diff)
download: libnl-n-mr2-preview-1.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/lib/attr.c b/lib/attr.c
index 298fbb14..83943307 100644
--- a/lib/attr.c
+++ b/lib/attr.c
@@ -800,6 +800,9 @@ struct nlattr *nla_reserve(struct nl_msg *msg, int attrtype, int attrlen)
 	struct nlattr *nla;
 	int tlen;
 	
+	if (attrlen < 0)
+		return NULL;
+
 	tlen = NLMSG_ALIGN(msg->nm_nlh->nlmsg_len) + nla_total_size(attrlen);
 
 	if ((tlen + msg->nm_nlh->nlmsg_len) > msg->nm_size)
@@ -838,6 +841,9 @@ int nla_put(struct nl_msg *msg, int attrtype, int datalen, const void *data)
 {
 	struct nlattr *nla;
 
+	if (datalen < 0)
+		return -NLE_RANGE;
+
 	nla = nla_reserve(msg, attrtype, datalen);
 	if (!nla)
 		return -NLE_NOMEM;
author	Paul Stewart <pstew@google.com>	2016-11-09 18:21:08 +0000
committer	android-build-merger <android-build-merger@google.com>	2016-11-09 18:21:08 +0000
commit	3341fa0db98b1f17bec2cf6dd08b50d6e3113655 (patch)
tree	04fa4ac4fae8a79fa7d78ea929090a6f2a726192
parent	74c5971cb326393625422ddf3be99e8a50e18fc2 (diff)
parent	b3659f0c6ede969af2c3ffb0336f8d0cd3b7c921 (diff)
download	libnl-n-mr2-preview-1.tar.gz