netfilter: nfnetlink_queue: only add CAP_LEN attr when needed

CAP_LEN contains the size of the network packet we're queueing to userspace, i.e. normally it is the same as the NFQA_PAYLOAD attribute len. Include it only in the unlikely case when NFQA_PAYLOAD is truncated due to copy_range limitations. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Florian Westphal <fw@strlen.de> 2013-06-04 22:22:16 (GMT)
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2013-06-05 10:40:54 (GMT)
commit: 7f87712c0152511a1842698ad8dca425fee2dc4f (patch)
tree: bf8da1c03b04c720afa10f96a210a2df17f980db /net/netfilter/nfnetlink_queue_core.c
parent: 9cefbbc9c8f9abe0bc514dcfca46e8051ee84050 (diff)
download: linux-fsl-qoriq-7f87712c0152511a1842698ad8dca425fee2dc4f.tar.xz
1 files changed, 2 insertions, 1 deletions
diff --git a/net/netfilter/nfnetlink_queue_core.c b/net/netfilter/nfnetlink_queue_core.c
index 3c42181..eb2cde8 100644
--- a/net/netfilter/nfnetlink_queue_core.c
+++ b/net/netfilter/nfnetlink_queue_core.c
@@ -472,7 +472,8 @@ nfqnl_build_packet_message(struct nfqnl_instance *queue,
 	if (ct && nfqnl_ct_put(skb, ct, ctinfo) < 0)
 		goto nla_put_failure;
 
-	if (cap_len > 0 && nla_put_be32(skb, NFQA_CAP_LEN, htonl(cap_len)))
+	if (cap_len > data_len &&
+	    nla_put_be32(skb, NFQA_CAP_LEN, htonl(cap_len)))
 		goto nla_put_failure;
 
 	if (nfqnl_put_packet_info(skb, entskb))
author	Florian Westphal <fw@strlen.de>	2013-06-04 22:22:16 (GMT)
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2013-06-05 10:40:54 (GMT)
commit	7f87712c0152511a1842698ad8dca425fee2dc4f (patch)
tree	bf8da1c03b04c720afa10f96a210a2df17f980db /net/netfilter/nfnetlink_queue_core.c
parent	9cefbbc9c8f9abe0bc514dcfca46e8051ee84050 (diff)
download	linux-fsl-qoriq-7f87712c0152511a1842698ad8dca425fee2dc4f.tar.xz