cgrulesengd: Ignore netlink messages that don't come from the kernel.

recvfrom() returns the address, it doesn't filter the packet based on the
sender. We need to explicitly check the received address after the call happens.

Signed-off-by: Nelson Elhage <nelhage@ksplice.com>
Signed-off-by: Jan Safranek <jsafrane@redhat.com>

diff --git a/src/daemon/cgrulesengd.c b/src/daemon/cgrulesengd.c
index 10fd2cd7322709365d80947a104c47f75b6f2f11..5a965fd6fa17af8d22b9d5419b6abd01517a72ce 100644 (file)
--- a/src/daemon/cgrulesengd.c
+++ b/src/daemon/cgrulesengd.c
@@ -503,17 +503,10 @@ static int cgre_receive_netlink_msg(int sk_nl)
        struct sockaddr_nl from_nla;
        socklen_t from_nla_len;
        struct nlmsghdr *nlh;
-       struct sockaddr_nl kern_nla;
        struct cn_msg *cn_hdr;
 
-       kern_nla.nl_family = AF_NETLINK;
-       kern_nla.nl_groups = CN_IDX_PROC;
-       kern_nla.nl_pid = 1;
-       kern_nla.nl_pad = 0;
-
        memset(buff, 0, sizeof(buff));
        from_nla_len = sizeof(from_nla);
-       memcpy(&from_nla, &kern_nla, sizeof(from_nla));
        recv_len = recvfrom(sk_nl, buff, sizeof(buff), 0,
                (struct sockaddr *)&from_nla, &from_nla_len);
        if (recv_len == ENOBUFS) {
@@ -523,6 +516,10 @@ static int cgre_receive_netlink_msg(int sk_nl)
        if (recv_len < 1)
                return 0;
 
+       if (from_nla.nl_groups != CN_IDX_PROC
+           || from_nla.nl_pid != 0)
+               return 0;
+
        nlh = (struct nlmsghdr *)buff;
        while (NLMSG_OK(nlh, recv_len)) {
                cn_hdr = NLMSG_DATA(nlh);