X-Git-Url: http://git.cascardo.info/?a=blobdiff_plain;f=net%2Fnetfilter%2Fnfnetlink.c;h=c421d94c4652625147ba65aebe4c251561cf37ff;hb=2bd822180446558dd13f6124f09fa3e80850dcaa;hp=13c2e17bbe279e6660a0a04fc804a6e1dd0a7707;hpb=7051d8e6308640aaee2f9d45d0ceaad3a4ee8a78;p=cascardo%2Flinux.git

diff --git a/net/netfilter/nfnetlink.c b/net/netfilter/nfnetlink.c
index 13c2e17bbe27..c421d94c4652 100644
--- a/net/netfilter/nfnetlink.c
+++ b/net/netfilter/nfnetlink.c
@@ -321,7 +321,8 @@ replay:
 		nlh = nlmsg_hdr(skb);
 		err = 0;
 
-		if (nlh->nlmsg_len < NLMSG_HDRLEN) {
+		if (nlmsg_len(nlh) < sizeof(struct nfgenmsg) ||
+		    skb->len < nlh->nlmsg_len) {
 			err = -EINVAL;
 			goto ack;
 		}
@@ -463,13 +464,13 @@ static void nfnetlink_rcv(struct sk_buff *skb)
 }
 
 #ifdef CONFIG_MODULES
-static int nfnetlink_bind(int group)
+static int nfnetlink_bind(struct net *net, int group)
 {
 	const struct nfnetlink_subsystem *ss;
 	int type;
 
 	if (group <= NFNLGRP_NONE || group > NFNLGRP_MAX)
-		return -EINVAL;
+		return 0;
 
 	type = nfnl_group2type[group];