[NETFILTER]: Fix undersized skb allocation in ipt_ULOG/ebt_ulog/nfnetlink_log
authorPatrick McHardy <kaber@trash.net>
Sat, 4 Feb 2006 10:13:57 +0000 (02:13 -0800)
committerDavid S. Miller <davem@sunset.davemloft.net>
Sun, 5 Feb 2006 07:51:19 +0000 (23:51 -0800)
The skb allocated is always of size nlbufsize, even if that is smaller than
the size needed for the current packet.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/bridge/netfilter/ebt_ulog.c
net/ipv4/netfilter/ipt_ULOG.c
net/netfilter/nfnetlink_log.c

index dbbf9f673b55787740f5dbf07526f33e9bd597a6..802baf755ef465c392b757642999c3e40b20e2d4 100644 (file)
@@ -98,12 +98,14 @@ static void ulog_timer(unsigned long data)
 static struct sk_buff *ulog_alloc_skb(unsigned int size)
 {
        struct sk_buff *skb;
+       unsigned int n;
 
-       skb = alloc_skb(nlbufsiz, GFP_ATOMIC);
+       n = max(size, nlbufsiz);
+       skb = alloc_skb(n, GFP_ATOMIC);
        if (!skb) {
                PRINTR(KERN_ERR "ebt_ulog: can't alloc whole buffer "
-                      "of size %ub!\n", nlbufsiz);
-               if (size < nlbufsiz) {
+                      "of size %ub!\n", n);
+               if (n > size) {
                        /* try to allocate only as much as we need for
                         * current packet */
                        skb = alloc_skb(size, GFP_ATOMIC);
index 2fe64133bba3f3338f97fc4b0d36d75856892c50..180a9ea57b69fb4e05a7c8b171f1bc1628ae6f8c 100644 (file)
@@ -147,22 +147,26 @@ static void ulog_timer(unsigned long data)
 static struct sk_buff *ulog_alloc_skb(unsigned int size)
 {
        struct sk_buff *skb;
+       unsigned int n;
 
        /* alloc skb which should be big enough for a whole
         * multipart message. WARNING: has to be <= 131000
         * due to slab allocator restrictions */
 
-       skb = alloc_skb(nlbufsiz, GFP_ATOMIC);
+       n = max(size, nlbufsiz);
+       skb = alloc_skb(n, GFP_ATOMIC);
        if (!skb) {
-               PRINTR("ipt_ULOG: can't alloc whole buffer %ub!\n",
-                       nlbufsiz);
+               PRINTR("ipt_ULOG: can't alloc whole buffer %ub!\n", n);
 
-               /* try to allocate only as much as we need for 
-                * current packet */
+               if (n > size) {
+                       /* try to allocate only as much as we need for 
+                        * current packet */
 
-               skb = alloc_skb(size, GFP_ATOMIC);
-               if (!skb)
-                       PRINTR("ipt_ULOG: can't even allocate %ub\n", size);
+                       skb = alloc_skb(size, GFP_ATOMIC);
+                       if (!skb)
+                               PRINTR("ipt_ULOG: can't even allocate %ub\n",
+                                      size);
+               }
        }
 
        return skb;
index 50787af86d7dc4713406bfe1fdd3164c3417831f..3b3c781b40c067f62b19f47744297c4a6cd747f9 100644 (file)
@@ -314,24 +314,28 @@ static struct sk_buff *nfulnl_alloc_skb(unsigned int inst_size,
                                        unsigned int pkt_size)
 {
        struct sk_buff *skb;
+       unsigned int n;
 
        UDEBUG("entered (%u, %u)\n", inst_size, pkt_size);
 
        /* alloc skb which should be big enough for a whole multipart
         * message.  WARNING: has to be <= 128k due to slab restrictions */
 
-       skb = alloc_skb(inst_size, GFP_ATOMIC);
+       n = max(inst_size, pkt_size);
+       skb = alloc_skb(n, GFP_ATOMIC);
        if (!skb) {
                PRINTR("nfnetlink_log: can't alloc whole buffer (%u bytes)\n",
                        inst_size);
 
-               /* try to allocate only as much as we need for current
-                * packet */
+               if (n > pkt_size) {
+                       /* try to allocate only as much as we need for current
+                        * packet */
 
-               skb = alloc_skb(pkt_size, GFP_ATOMIC);
-               if (!skb)
-                       PRINTR("nfnetlink_log: can't even alloc %u bytes\n",
-                               pkt_size);
+                       skb = alloc_skb(pkt_size, GFP_ATOMIC);
+                       if (!skb)
+                               PRINTR("nfnetlink_log: can't even alloc %u "
+                                      "bytes\n", pkt_size);
+               }
        }
 
        return skb;