From: Nelson Elhage <nelhage@ksplice.com>
Date: Fri, 18 Feb 2011 01:55:12 +0000 (-0500)
Subject: cgrulesengd: Ignore netlink messages that don't come from the kernel.
X-Git-Tag: v0.37.1~12
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0a59ea5e0b2ce466bfd35c9e700094bf09a0310d;p=thirdparty%2Flibcgroup.git

cgrulesengd: Ignore netlink messages that don't come from the kernel.

recvfrom() returns the address, it doesn't filter the packet based on the
sender. We need to explicitly check the received address after the call happens.

Signed-off-by: Nelson Elhage <nelhage@ksplice.com>
Signed-off-by: Jan Safranek <jsafrane@redhat.com>
---

diff --git a/src/daemon/cgrulesengd.c b/src/daemon/cgrulesengd.c
index 10fd2cd7..5a965fd6 100644
--- a/src/daemon/cgrulesengd.c
+++ b/src/daemon/cgrulesengd.c
@@ -503,17 +503,10 @@ static int cgre_receive_netlink_msg(int sk_nl)
 	struct sockaddr_nl from_nla;
 	socklen_t from_nla_len;
 	struct nlmsghdr *nlh;
-	struct sockaddr_nl kern_nla;
 	struct cn_msg *cn_hdr;
 
-	kern_nla.nl_family = AF_NETLINK;
-	kern_nla.nl_groups = CN_IDX_PROC;
-	kern_nla.nl_pid = 1;
-	kern_nla.nl_pad = 0;
-
 	memset(buff, 0, sizeof(buff));
 	from_nla_len = sizeof(from_nla);
-	memcpy(&from_nla, &kern_nla, sizeof(from_nla));
 	recv_len = recvfrom(sk_nl, buff, sizeof(buff), 0,
 		(struct sockaddr *)&from_nla, &from_nla_len);
 	if (recv_len == ENOBUFS) {
@@ -523,6 +516,10 @@ static int cgre_receive_netlink_msg(int sk_nl)
 	if (recv_len < 1)
 		return 0;
 
+	if (from_nla.nl_groups != CN_IDX_PROC
+	    || from_nla.nl_pid != 0)
+		return 0;
+
 	nlh = (struct nlmsghdr *)buff;
 	while (NLMSG_OK(nlh, recv_len)) {
 		cn_hdr = NLMSG_DATA(nlh);