tipc: do sanity check payload of a netlink message

When we initialize nlmsghdr with no payload inside tipc_nl_compat_dumpit() the parsing function returns -EINVAL. We fix it by making the parsing call conditional. Acked-by: Jon Maloy <jmaloy@redhat.com> Signed-off-by: Hoang Le <hoang.h.le@dektech.com.au> Link: https://lore.kernel.org/r/20201215033151.76139-1-hoang.h.le@dektech.com.au Signed-off-by: Jakub Kicinski <kuba@kernel.org>
author: Hoang Le <hoang.h.le@dektech.com.au> 2020-12-15 10:31:51 +0700
committer: Jakub Kicinski <kuba@kernel.org> 2020-12-16 12:45:02 -0800
commit: c32c928d29deb2636e5889f59305cc15b004909f (patch)
tree: 0a502fc7b5170e2c3ccdb823e43825e6cb5983fd /net
parent: 023cae857b347b6f5577eebade21a843f3621f85 (diff)
download: linux-c32c928d29deb2636e5889f59305cc15b004909f.tar.bz2
1 files changed, 7 insertions, 5 deletions
diff --git a/net/tipc/netlink_compat.c b/net/tipc/netlink_compat.c
index 82f154989418..5a1ce64039f7 100644
--- a/net/tipc/netlink_compat.c
+++ b/net/tipc/netlink_compat.c
@@ -213,12 +213,14 @@ static int __tipc_nl_compat_dumpit(struct tipc_nl_compat_cmd_dump *cmd,
 	}
 
 	info.attrs = attrbuf;
-	err = nlmsg_parse_deprecated(cb.nlh, GENL_HDRLEN, attrbuf,
-				     tipc_genl_family.maxattr,
-				     tipc_genl_family.policy, NULL);
-	if (err)
-		goto err_out;
 
+	if (nlmsg_len(cb.nlh) > 0) {
+		err = nlmsg_parse_deprecated(cb.nlh, GENL_HDRLEN, attrbuf,
+					     tipc_genl_family.maxattr,
+					     tipc_genl_family.policy, NULL);
+		if (err)
+			goto err_out;
+	}
 	do {
 		int rem;
author	Hoang Le <hoang.h.le@dektech.com.au>	2020-12-15 10:31:51 +0700
committer	Jakub Kicinski <kuba@kernel.org>	2020-12-16 12:45:02 -0800
commit	c32c928d29deb2636e5889f59305cc15b004909f (patch)
tree	0a502fc7b5170e2c3ccdb823e43825e6cb5983fd /net
parent	023cae857b347b6f5577eebade21a843f3621f85 (diff)
download	linux-c32c928d29deb2636e5889f59305cc15b004909f.tar.bz2