From 36d03870ae1c7987f7439d2ad681e6f9c763bbd95bb408ac2e8e62c44381c714 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Wed, 18 Jan 2017 23:26:24 +0000 Subject: [PATCH] - Add nla-reserve.diff [boo#1020123] OBS-URL: https://build.opensuse.org/package/show/security:netfilter/libnl3?expand=0&rev=67 --- libnl3.changes | 5 +++++ libnl3.spec | 2 ++ nla-reserve.diff | 43 +++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 50 insertions(+) create mode 100644 nla-reserve.diff diff --git a/libnl3.changes b/libnl3.changes index cfdde1c..9d8bdd8 100644 --- a/libnl3.changes +++ b/libnl3.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Wed Jan 18 23:26:00 UTC 2017 - jengelh@inai.de + +- Add nla-reserve.diff [boo#1020123] + ------------------------------------------------------------------- Mon Jan 16 17:46:53 UTC 2017 - jengelh@inai.de diff --git a/libnl3.spec b/libnl3.spec index 29d4c0b..f0eb56c 100644 --- a/libnl3.spec +++ b/libnl3.spec @@ -33,6 +33,7 @@ Url: http://www.carisma.slowglass.com/~tgr/libnl/#(outdated) Source: https://github.com/thom311/libnl/releases/download/libnl%uver/libnl-%version.tar.gz Source2: https://github.com/thom311/libnl/releases/download/libnl%uver/libnl-%version.tar.gz.sig Source3: baselibs.conf +Patch1: nla-reserve.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: bison >= 2.4 BuildRequires: flex >= 2.5.19 @@ -103,6 +104,7 @@ demonstrated. %prep %setup -qn libnl-%version +%patch -P 1 -p1 %build %configure --disable-static diff --git a/nla-reserve.diff b/nla-reserve.diff new file mode 100644 index 0000000..6a0ee01 --- /dev/null +++ b/nla-reserve.diff 
@@ -0,0 +1,43 @@
+From c473d59f972c35c5a7363d52ee6ee1e0792de0f8 Mon Sep 17 00:00:00 2001
+From: Thomas Haller
+Date: Wed, 18 Jan 2017 11:59:23 +0100
+Subject: [PATCH] lib/attr.c: check for valid length argument in nla_reserve()
+
+https://github.com/thom311/libnl/issues/124
+---
+ lib/attr.c | 11 +++++++++--
+ 1 file changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/lib/attr.c b/lib/attr.c
+index a3d1b16..0dca3ec 100644
+--- a/lib/attr.c
++++ b/lib/attr.c
+@@ -457,7 +457,10 @@ struct nlattr *nla_reserve(struct nl_msg *msg, int attrtype, int attrlen)
+ {
+ struct nlattr *nla;
+ int tlen;
+-
++
++ if (attrlen < 0)
++ return NULL;
++
+ tlen = NLMSG_ALIGN(msg->nm_nlh->nlmsg_len) + nla_total_size(attrlen);
+
+ if (tlen > msg->nm_size)
+@@ -499,8 +502,12 @@ int nla_put(struct nl_msg *msg, int attrtype, int datalen, const void *data)
+ struct nlattr *nla;
+
+ nla = nla_reserve(msg, attrtype, datalen);
+- if (!nla)
++ if (!nla) {
++ if (datalen < 0)
++ return -NLE_INVAL;
++
+ return -NLE_NOMEM;
++ }
+
+ if (datalen > 0) {
+ memcpy(nla_data(nla), data, datalen);
+--
+2.11.0
+
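Review bot: A very large positive `attrlen` is still unchecked in the embedded lib/attr.c hunk for nla_reserve(): the new `attrlen < 0` guard handles only the negative case, and the value then goes into `NLMSG_ALIGN(msg->nm_nlh->nlmsg_len) + nla_total_size(attrlen)`, stored in `int tlen`. nla_total_size() is not visible here, but if it adds header and padding bytes to its argument as an `int`, the sum can overflow before `tlen > msg->nm_size` is evaluated, so the bound that protects the later write would be tested on a wrapped value. I would cap the length before the arithmetic, e.g. `if (attrlen < 0 || attrlen > INT_MAX - NLA_HDRLEN - NLA_ALIGNTO) return NULL;`, or more robustly compute `tlen` as `size_t`. In nla_put(), rejecting the bad argument up front with `if (datalen < 0) return -NLE_INVAL;` before calling nla_reserve() would be clearer than inferring the cause from a NULL return. Both function bodies continue outside the hunks shown.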