This patch fixes a bug in the __cn_rx_skb() routine when checking the size of the netlink message. It applies to 2.6.12-rc1-mm3. Signed-off-by: Evgeniy Polyakov <[email protected]> --- connector.c | 9 ++++----- 1 files changed, 4 insertions(+), 5 deletions(-) Index: linux-2.6.12-rc1-mm3-cnfork/drivers/connector/connector.c =================================================================== --- linux-2.6.12-rc1-mm3-cnfork.orig/drivers/connector/connector.c 2005-03-25 10:42:57.000000000 +0100 +++ linux-2.6.12-rc1-mm3-cnfork/drivers/connector/connector.c 2005-03-25 10:43:16.000000000 +0100 @@ -168,12 +168,11 @@ static int __cn_rx_skb(struct sk_buff *s group = NETLINK_CB((skb)).groups; msg = (struct cn_msg *)NLMSG_DATA(nlh); - if (msg->len != nlh->nlmsg_len - sizeof(*msg) - sizeof(*nlh)) { + if (NLMSG_SPACE(msg->len + sizeof(*msg)) != nlh->nlmsg_len) { printk(KERN_ERR "skb does not have enough length: " - "requested msg->len=%u[%u], nlh->nlmsg_len=%u[%u], skb->len=%u[must be %u].\n", - msg->len, NLMSG_SPACE(msg->len), - nlh->nlmsg_len, nlh->nlmsg_len - sizeof(*nlh), - skb->len, msg->len + sizeof(*msg)); + "requested msg->len=%u[%u], nlh->nlmsg_len=%u, skb->len=%u.\n", + msg->len, NLMSG_SPACE(msg->len + sizeof(*msg)), + nlh->nlmsg_len, skb->len); kfree_skb(skb); return -EINVAL; } - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
- Prev by Date: [patch 1/2] fork_connector: add a fork connector
- Next by Date: pm_message_t becoming struct
- Previous by thread: [patch 0/2] fork_connector
- Next by thread: pm_message_t becoming struct
- Index(es):
 |