Revert "decnet: dn_rtmsg: Improve input length sanitization in dnrmg_receive_user_skb"

This reverts commit 85eac2ba. There is an updated version of this fix which we should use instead. Signed-off-by: David S. Miller <davem@davemloft.net>

Revert "decnet: dn_rtmsg: Improve input length sanitization in dnrmg_receive_user_skb"
This reverts commit 85eac2ba. There is an updated version of this fix which we should use instead. Signed-off-by: David S. Miller <davem@davemloft.net>
c164772d · David S. Miller · 9065bc38 · c164772d
Commit c164772d authored Jun 08, 2017 by David S. Miller
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 3 deletions

net/decnet/netfilter/dn_rtmsg.c net/decnet/netfilter/dn_rtmsg.c +1 -3

No files found.
--- a/net/decnet/netfilter/dn_rtmsg.c
+++ b/net/decnet/netfilter/dn_rtmsg.c
@@ -102,9 +102,7 @@ static inline void dnrmg_receive_user_skb(struct sk_buff *skb)
 {
 	struct nlmsghdr *nlh = nlmsg_hdr(skb);
-	if (skb->len < sizeof(nlh->nlmsg_len) ||
+	if (nlh->nlmsg_len < sizeof(*nlh) || skb->len < nlh->nlmsg_len)
-	    nlh->nlmsg_len < sizeof(*nlh) ||
-	    skb->len < nlh->nlmsg_len)
 		return;
 	if (!netlink_capable(skb, CAP_NET_ADMIN))