Overview

File libnl-1_1-fix-elevation-of-privilege-vulnerability.patch of Package libnl-1_1.25398

diff -Nurp libnl-1.1.4-orig/lib/attr.c libnl-1.1.4/lib/attr.c
--- libnl-1.1.4-orig/lib/attr.c	2013-04-28 13:11:42.000000000 +0200
+++ libnl-1.1.4/lib/attr.c	2022-08-05 09:53:12.407938878 +0200
@@ -476,6 +476,9 @@ struct nlattr *nla_reserve(struct nl_msg
 	struct nlattr *nla;
 	int tlen;
 	
+	if (attrlen < 0)
+		return NULL;
+
 	tlen = NLMSG_ALIGN(n->nm_nlh->nlmsg_len) + nla_total_size(attrlen);
 
 	if (tlen > n->nm_size) {
@@ -513,8 +516,12 @@ int nla_put(struct nl_msg *n, int attrty
 	struct nlattr *nla;
 
 	nla = nla_reserve(n, attrtype, attrlen);
-	if (!nla)
+	if (!nla) {
+		if (attrlen < 0)
+			return nl_errno(EINVAL);
+
 		return nl_errno(ENOMEM);
+	}
 
 	memcpy(nla_data(nla), data, attrlen);
 	NL_DBG(2, "msg %p: Wrote %d bytes at offset +%td for attr %d\n",
openSUSE Build Service is sponsored by
Places