File iplink-check-for-message-truncation-in-iplink_get.patch of Package iproute2.7171

From: Michal Kubecek <mkubecek@suse.cz>
Date: Fri, 1 Sep 2017 18:39:11 +0200
Subject: iplink: check for message truncation in iplink_get()
Patch-mainline: v4.13.0
Git-commit: 6599162b958ea5a43d729df4f30aad515db26ff4
References: bsc#1056261

If message length exceeds maxlen argument of rtnl_talk(), it is truncated
to maxlen but unlike in the case of truncation to the length of local
buffer in rtnl_talk(), the caller doesn't get any indication of a problem.

In particular, iplink_get() passes the truncated message on and parsing it
results in various warnings and sometimes even a segfault (observed with
"ip link show dev ..." for a NIC with 125 VFs).

Handle message truncation in iplink_get() the same way as truncation in
rtnl_talk() would be handled: return an error.

Signed-off-by: Michal Kubecek <mkubecek@suse.cz>

---
 ip/iplink.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/ip/iplink.c b/ip/iplink.c
index c706d2089dcb..89b2b564c154 100644
--- a/ip/iplink.c
+++ b/ip/iplink.c
@@ -843,6 +843,11 @@ int iplink_get(unsigned int flags, char *name, __u32 filt_mask)
 
 	if (rtnl_talk(&rth, &req.n, &answer.n, sizeof(answer)) < 0)
 		return -2;
+	if (answer.n.nlmsg_len > sizeof(answer.buf)) {
+		fprintf(stderr, "Message truncated from %u to %lu\n",
+			answer.n.nlmsg_len, sizeof(answer.buf));
+		return -2;
+	}
 
 	if (brief)
 		print_linkinfo_brief(NULL, &answer.n, stdout);
-- 
2.14.1