diff options
| author | Thomas Graf <tgraf@suug.ch> | 2010-10-29 16:40:48 (GMT) |
|---|---|---|
| committer | Thomas Graf <tgraf@suug.ch> | 2010-10-29 16:40:48 (GMT) |
| commit | 93f992eac5a0d35114de4e937326d1d03a53a25f (patch) | |
| tree | a1de56ec3924aa656690f29a000fe38d86cbae10 | |
| parent | cc22992d0c33abba42d94fb9489411f762cd70eb (diff) | |
| download | libnl-93f992eac5a0d35114de4e937326d1d03a53a25f.zip libnl-93f992eac5a0d35114de4e937326d1d03a53a25f.tar.gz libnl-93f992eac5a0d35114de4e937326d1d03a53a25f.tar.bz2 | |
attr: Add padding if nested data does not end at an alignment boundry
This could happen if a user put an unaligned amount of data inside
an attribute with nlmsg_append().
| -rw-r--r-- | lib/attr.c | 17 |
1 files changed, 17 insertions, 0 deletions
@@ -1151,9 +1151,26 @@ struct nlattr *nla_nest_start(struct nl_msg *msg, int attrtype) */ int nla_nest_end(struct nl_msg *msg, struct nlattr *start) { + size_t pad; + start->nla_len = (unsigned char *) nlmsg_tail(msg->nm_nlh) - (unsigned char *) start; + pad = NLMSG_ALIGN(msg->nm_nlh->nlmsg_len) - msg->nm_nlh->nlmsg_len; + if (pad > 0) { + /* + * Data inside attribute does not end at a alignment boundry. + * Pad accordingly and accoun for the additional space in + * the message. nlmsg_reserve() may never fail in this situation, + * the allocate message buffer must be a multiple of NLMSG_ALIGNTO. + */ + if (!nlmsg_reserve(msg, pad, 0)) + BUG(); + + NL_DBG(2, "msg %p: attr <%p> %d: added %zu bytes of padding\n", + msg, start, start->nla_type, pad); + } + NL_DBG(2, "msg %p: attr <%p> %d: closing nesting, len=%u\n", msg, start, start->nla_type, start->nla_len); |