Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net

No conflicts. Signed-off-by: Jakub Kicinski <kuba@kernel.org>
author: Jakub Kicinski <kuba@kernel.org> 2022-07-28 18:21:16 -0700
committer: Jakub Kicinski <kuba@kernel.org> 2022-07-28 18:21:16 -0700
commit: 272ac32f566e3f925b20c231a2b30f6893aa258a (patch)
tree: c7c04a13d89349f0d007914904347df79438f3fa /net/netfilter/nfnetlink_queue.c
parent: 623cd87006983935de6c2ad8e2d50e68f1b7d6e7 (diff)
parent: 33ea1340bafe1f394e5bf96fceef73e9771d066b (diff)
1 files changed, 6 insertions, 1 deletions
diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c
index a364f8e5e698..87a9009d5234 100644
--- a/net/netfilter/nfnetlink_queue.c
+++ b/net/netfilter/nfnetlink_queue.c
@@ -843,11 +843,16 @@ nfqnl_enqueue_packet(struct nf_queue_entry *entry, unsigned int queuenum)
 }
 
 static int
-nfqnl_mangle(void *data, int data_len, struct nf_queue_entry *e, int diff)
+nfqnl_mangle(void *data, unsigned int data_len, struct nf_queue_entry *e, int diff)
 {
 	struct sk_buff *nskb;
 
 	if (diff < 0) {
+		unsigned int min_len = skb_transport_offset(e->skb);
+
+		if (data_len < min_len)
+			return -EINVAL;
+
 		if (pskb_trim(e->skb, data_len))
 			return -ENOMEM;
 	} else if (diff > 0) {
author	Jakub Kicinski <kuba@kernel.org>	2022-07-28 18:21:16 -0700
committer	Jakub Kicinski <kuba@kernel.org>	2022-07-28 18:21:16 -0700
commit	272ac32f566e3f925b20c231a2b30f6893aa258a (patch)
tree	c7c04a13d89349f0d007914904347df79438f3fa /net/netfilter/nfnetlink_queue.c
parent	623cd87006983935de6c2ad8e2d50e68f1b7d6e7 (diff)
parent	33ea1340bafe1f394e5bf96fceef73e9771d066b (diff)