Check length of netlink addresses.

Folow up on CVE-2011-1022, add check for length of address of incoming
netlink packet, just to be sure.

Pointed out by Steve Grubb.

Signed-off-by: Jan Safranek <jsafrane@redhat.com>

diff --git a/src/daemon/cgrulesengd.c b/src/daemon/cgrulesengd.c
index 5a965fd6fa17af8d22b9d5419b6abd01517a72ce..2f42a57b826594385a8aafcaf2cbaf990fa6085c 100644 (file)
--- a/src/daemon/cgrulesengd.c
+++ b/src/daemon/cgrulesengd.c
@@ -516,6 +516,10 @@ static int cgre_receive_netlink_msg(int sk_nl)
        if (recv_len < 1)
                return 0;
 
+       if (from_nla_len != sizeof(from_nla)) {
+               flog(LOG_ERR, "Bad address size reading netlink socket");
+               return 0;
+       }
        if (from_nla.nl_groups != CN_IDX_PROC
            || from_nla.nl_pid != 0)
                return 0;