netfilter: nfnetlink_log: account for netlink header size

This is a followup to an old bug fix: NLMSG_DONE needs to account
for the netlink header size, not just the attribute size.

This can result in a WARN splat + drop of the netlink message,
but other than this there are no ill effects.

Fixes: 9dfa1dfe4d5e ("netfilter: nf_log: account for size of NLMSG_DONE attribute")
Reported-by: Yiming Qian <yimingqian591@gmail.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c
index fcbe54940b2ec352c1bf2d1f6d33cadfc8be811f..f80978c06fa0a0917cc4638a25c67b2b51c05180 100644 (file)
--- a/net/netfilter/nfnetlink_log.c
+++ b/net/netfilter/nfnetlink_log.c
@@ -726,7 +726,7 @@ nfulnl_log_packet(struct net *net,
                + nla_total_size(plen)                  /* prefix */
                + nla_total_size(sizeof(struct nfulnl_msg_packet_hw))
                + nla_total_size(sizeof(struct nfulnl_msg_packet_timestamp))
-               + nla_total_size(sizeof(struct nfgenmsg));      /* NLMSG_DONE */
+               + nlmsg_total_size(sizeof(struct nfgenmsg));    /* NLMSG_DONE */
 
        if (in && skb_mac_header_was_set(skb)) {
                size += nla_total_size(skb->dev->hard_header_len)