update queue-3.4/filter-prevent-nla-extensions-to-peek-beyond-the-end-of-the-message...

diff --git a/queue-3.4/filter-prevent-nla-extensions-to-peek-beyond-the-end-of-the-message.patch b/queue-3.4/filter-prevent-nla-extensions-to-peek-beyond-the-end-of-the-message.patch
index 16ea4978fb648e36c67d8a9e199b4bc5559b93bb..de99af34aea683cbd474c3f15e2383166910401f 100644 (file)
--- a/queue-3.4/filter-prevent-nla-extensions-to-peek-beyond-the-end-of-the-message.patch
+++ b/queue-3.4/filter-prevent-nla-extensions-to-peek-beyond-the-end-of-the-message.patch
@@ -62,12 +62,19 @@ Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 
 --- a/net/core/filter.c
 +++ b/net/core/filter.c
-@@ -338,11 +338,15 @@ load_b:
+@@ -322,6 +322,8 @@ load_b:
  
                        if (skb_is_nonlinear(skb))
                                return 0;
 +                      if (skb->len < sizeof(struct nlattr))
 +                              return 0;
+                       if (A > skb->len - sizeof(struct nlattr))
+                               return 0;
+ 
+@@ -338,11 +340,13 @@ load_b:
+ 
+                       if (skb_is_nonlinear(skb))
+                               return 0;
 +                      if (skb->len < sizeof(struct nlattr))
 +                              return 0;
                        if (A > skb->len - sizeof(struct nlattr))