mirror of
https://mirrors.bfsu.edu.cn/git/linux.git
synced 2025-01-22 13:54:57 +08:00
[NETFILTER]: Fix undersized skb allocation in ipt_ULOG/ebt_ulog/nfnetlink_log
The skb allocated is always of size nlbufsize, even if that is smaller than the size needed for the current packet. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
parent
c2db292438
commit
ad2ad0f965
@ -98,12 +98,14 @@ static void ulog_timer(unsigned long data)
|
||||
static struct sk_buff *ulog_alloc_skb(unsigned int size)
|
||||
{
|
||||
struct sk_buff *skb;
|
||||
unsigned int n;
|
||||
|
||||
skb = alloc_skb(nlbufsiz, GFP_ATOMIC);
|
||||
n = max(size, nlbufsiz);
|
||||
skb = alloc_skb(n, GFP_ATOMIC);
|
||||
if (!skb) {
|
||||
PRINTR(KERN_ERR "ebt_ulog: can't alloc whole buffer "
|
||||
"of size %ub!\n", nlbufsiz);
|
||||
if (size < nlbufsiz) {
|
||||
"of size %ub!\n", n);
|
||||
if (n > size) {
|
||||
/* try to allocate only as much as we need for
|
||||
* current packet */
|
||||
skb = alloc_skb(size, GFP_ATOMIC);
|
||||
|
@ -147,22 +147,26 @@ static void ulog_timer(unsigned long data)
|
||||
static struct sk_buff *ulog_alloc_skb(unsigned int size)
|
||||
{
|
||||
struct sk_buff *skb;
|
||||
unsigned int n;
|
||||
|
||||
/* alloc skb which should be big enough for a whole
|
||||
* multipart message. WARNING: has to be <= 131000
|
||||
* due to slab allocator restrictions */
|
||||
|
||||
skb = alloc_skb(nlbufsiz, GFP_ATOMIC);
|
||||
n = max(size, nlbufsiz);
|
||||
skb = alloc_skb(n, GFP_ATOMIC);
|
||||
if (!skb) {
|
||||
PRINTR("ipt_ULOG: can't alloc whole buffer %ub!\n",
|
||||
nlbufsiz);
|
||||
PRINTR("ipt_ULOG: can't alloc whole buffer %ub!\n", n);
|
||||
|
||||
/* try to allocate only as much as we need for
|
||||
* current packet */
|
||||
if (n > size) {
|
||||
/* try to allocate only as much as we need for
|
||||
* current packet */
|
||||
|
||||
skb = alloc_skb(size, GFP_ATOMIC);
|
||||
if (!skb)
|
||||
PRINTR("ipt_ULOG: can't even allocate %ub\n", size);
|
||||
skb = alloc_skb(size, GFP_ATOMIC);
|
||||
if (!skb)
|
||||
PRINTR("ipt_ULOG: can't even allocate %ub\n",
|
||||
size);
|
||||
}
|
||||
}
|
||||
|
||||
return skb;
|
||||
|
@ -314,24 +314,28 @@ static struct sk_buff *nfulnl_alloc_skb(unsigned int inst_size,
|
||||
unsigned int pkt_size)
|
||||
{
|
||||
struct sk_buff *skb;
|
||||
unsigned int n;
|
||||
|
||||
UDEBUG("entered (%u, %u)\n", inst_size, pkt_size);
|
||||
|
||||
/* alloc skb which should be big enough for a whole multipart
|
||||
* message. WARNING: has to be <= 128k due to slab restrictions */
|
||||
|
||||
skb = alloc_skb(inst_size, GFP_ATOMIC);
|
||||
n = max(inst_size, pkt_size);
|
||||
skb = alloc_skb(n, GFP_ATOMIC);
|
||||
if (!skb) {
|
||||
PRINTR("nfnetlink_log: can't alloc whole buffer (%u bytes)\n",
|
||||
inst_size);
|
||||
|
||||
/* try to allocate only as much as we need for current
|
||||
* packet */
|
||||
if (n > pkt_size) {
|
||||
/* try to allocate only as much as we need for current
|
||||
* packet */
|
||||
|
||||
skb = alloc_skb(pkt_size, GFP_ATOMIC);
|
||||
if (!skb)
|
||||
PRINTR("nfnetlink_log: can't even alloc %u bytes\n",
|
||||
pkt_size);
|
||||
skb = alloc_skb(pkt_size, GFP_ATOMIC);
|
||||
if (!skb)
|
||||
PRINTR("nfnetlink_log: can't even alloc %u "
|
||||
"bytes\n", pkt_size);
|
||||
}
|
||||
}
|
||||
|
||||
return skb;
|
||||
|
Loading…
Reference in New Issue
Block a user