[NETFILTER]: Fix undersized skb allocation in ipt_ULOG/ebt_ulog/nfnetlink_log

[linux-2.6] / net / bridge / netfilter / ebt_ulog.c

diff --git a/net/bridge/netfilter/ebt_ulog.c b/net/bridge/netfilter/ebt_ulog.c
index ce617b3dbbb8dbb4c9a77cfcfe70c25c5748f304..802baf755ef465c392b757642999c3e40b20e2d4 100644 (file)
--- a/net/bridge/netfilter/ebt_ulog.c
+++ b/net/bridge/netfilter/ebt_ulog.c
@@ -46,7 +46,7 @@
 #define PRINTR(format, args...) do { if (net_ratelimit()) \
                                 printk(format , ## args); } while (0)
 
-static unsigned int nlbufsiz = 4096;
+static unsigned int nlbufsiz = NLMSG_GOODSIZE;
 module_param(nlbufsiz, uint, 0600);
 MODULE_PARM_DESC(nlbufsiz, "netlink buffer size (number of bytes) "
                            "(defaults to 4096)");
@@ -98,12 +98,14 @@ static void ulog_timer(unsigned long data)
 static struct sk_buff *ulog_alloc_skb(unsigned int size)
 {
        struct sk_buff *skb;
+       unsigned int n;
 
-       skb = alloc_skb(nlbufsiz, GFP_ATOMIC);
+       n = max(size, nlbufsiz);
+       skb = alloc_skb(n, GFP_ATOMIC);
        if (!skb) {
                PRINTR(KERN_ERR "ebt_ulog: can't alloc whole buffer "
-                      "of size %ub!\n", nlbufsiz);
-               if (size < nlbufsiz) {
+                      "of size %ub!\n", n);
+               if (n > size) {
                        /* try to allocate only as much as we need for
                         * current packet */
                        skb = alloc_skb(size, GFP_ATOMIC);