Commit ad2ad0f9 authored by Patrick McHardy's avatar Patrick McHardy Committed by David S. Miller

[NETFILTER]: Fix undersized skb allocation in ipt_ULOG/ebt_ulog/nfnetlink_log

The skb allocated is always of size nlbufsize, even if that is smaller than
the size needed for the current packet.
Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent c2db2924
...@@ -98,12 +98,14 @@ static void ulog_timer(unsigned long data) ...@@ -98,12 +98,14 @@ static void ulog_timer(unsigned long data)
static struct sk_buff *ulog_alloc_skb(unsigned int size) static struct sk_buff *ulog_alloc_skb(unsigned int size)
{ {
struct sk_buff *skb; struct sk_buff *skb;
unsigned int n;
skb = alloc_skb(nlbufsiz, GFP_ATOMIC); n = max(size, nlbufsiz);
skb = alloc_skb(n, GFP_ATOMIC);
if (!skb) { if (!skb) {
PRINTR(KERN_ERR "ebt_ulog: can't alloc whole buffer " PRINTR(KERN_ERR "ebt_ulog: can't alloc whole buffer "
"of size %ub!\n", nlbufsiz); "of size %ub!\n", n);
if (size < nlbufsiz) { if (n > size) {
/* try to allocate only as much as we need for /* try to allocate only as much as we need for
* current packet */ * current packet */
skb = alloc_skb(size, GFP_ATOMIC); skb = alloc_skb(size, GFP_ATOMIC);
......
...@@ -147,22 +147,26 @@ static void ulog_timer(unsigned long data) ...@@ -147,22 +147,26 @@ static void ulog_timer(unsigned long data)
static struct sk_buff *ulog_alloc_skb(unsigned int size) static struct sk_buff *ulog_alloc_skb(unsigned int size)
{ {
struct sk_buff *skb; struct sk_buff *skb;
unsigned int n;
/* alloc skb which should be big enough for a whole /* alloc skb which should be big enough for a whole
* multipart message. WARNING: has to be <= 131000 * multipart message. WARNING: has to be <= 131000
* due to slab allocator restrictions */ * due to slab allocator restrictions */
skb = alloc_skb(nlbufsiz, GFP_ATOMIC); n = max(size, nlbufsiz);
skb = alloc_skb(n, GFP_ATOMIC);
if (!skb) { if (!skb) {
PRINTR("ipt_ULOG: can't alloc whole buffer %ub!\n", PRINTR("ipt_ULOG: can't alloc whole buffer %ub!\n", n);
nlbufsiz);
/* try to allocate only as much as we need for if (n > size) {
* current packet */ /* try to allocate only as much as we need for
* current packet */
skb = alloc_skb(size, GFP_ATOMIC); skb = alloc_skb(size, GFP_ATOMIC);
if (!skb) if (!skb)
PRINTR("ipt_ULOG: can't even allocate %ub\n", size); PRINTR("ipt_ULOG: can't even allocate %ub\n",
size);
}
} }
return skb; return skb;
......
...@@ -314,24 +314,28 @@ static struct sk_buff *nfulnl_alloc_skb(unsigned int inst_size, ...@@ -314,24 +314,28 @@ static struct sk_buff *nfulnl_alloc_skb(unsigned int inst_size,
unsigned int pkt_size) unsigned int pkt_size)
{ {
struct sk_buff *skb; struct sk_buff *skb;
unsigned int n;
UDEBUG("entered (%u, %u)\n", inst_size, pkt_size); UDEBUG("entered (%u, %u)\n", inst_size, pkt_size);
/* alloc skb which should be big enough for a whole multipart /* alloc skb which should be big enough for a whole multipart
* message. WARNING: has to be <= 128k due to slab restrictions */ * message. WARNING: has to be <= 128k due to slab restrictions */
skb = alloc_skb(inst_size, GFP_ATOMIC); n = max(inst_size, pkt_size);
skb = alloc_skb(n, GFP_ATOMIC);
if (!skb) { if (!skb) {
PRINTR("nfnetlink_log: can't alloc whole buffer (%u bytes)\n", PRINTR("nfnetlink_log: can't alloc whole buffer (%u bytes)\n",
inst_size); inst_size);
/* try to allocate only as much as we need for current if (n > pkt_size) {
* packet */ /* try to allocate only as much as we need for current
* packet */
skb = alloc_skb(pkt_size, GFP_ATOMIC); skb = alloc_skb(pkt_size, GFP_ATOMIC);
if (!skb) if (!skb)
PRINTR("nfnetlink_log: can't even alloc %u bytes\n", PRINTR("nfnetlink_log: can't even alloc %u "
pkt_size); "bytes\n", pkt_size);
}
} }
return skb; return skb;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment