authorКоренберг Марк <mark@ideco.ru>2015-07-02 09:59:55 (GMT)
committerThomas Haller <thaller@redhat.com>2015-07-10 08:06:21 (GMT)
commite29c979e885ab3f16ab6b2b26a33bc079bb39c88 (patch)
treeedd3d25f582d481c6a93443c484b371b121998a8 /lib/netfilter
parent54e4ca788614e427a9686fea26c1cc4729d8811c (diff)
nf: fix potential bug in nfnl_queue_msg_set_payload() when malloc() failed
Suppose the following case:
1. the message already has some payload
2. malloc() fails

In that case:
1. msg->queue_msg_payload becomes NULL
2. msg->queue_msg_payload_len stays non-zero

Now, when a malloc() error occurs, nothing is changed.

https://github.com/thom311/libnl/pull/83
Diffstat (limited to 'lib/netfilter')
-rw-r--r--lib/netfilter/queue_msg_obj.c11
1 files changed, 7 insertions, 4 deletions
diff --git a/lib/netfilter/queue_msg_obj.c b/lib/netfilter/queue_msg_obj.c
index b3b49ef..98f9a99 100644
--- a/lib/netfilter/queue_msg_obj.c
+++ b/lib/netfilter/queue_msg_obj.c
@@ -405,12 +405,15 @@ const uint8_t *nfnl_queue_msg_get_hwaddr(const struct nfnl_queue_msg *msg,
int nfnl_queue_msg_set_payload(struct nfnl_queue_msg *msg, uint8_t *payload,
int len)
{
- free(msg->queue_msg_payload);
- msg->queue_msg_payload = malloc(len);
- if (!msg->queue_msg_payload)
+ void *new_payload = malloc(len);
+
+ if (new_payload == NULL)
return -NLE_NOMEM;
+ memcpy(new_payload, payload, len);
+
+ free(msg->queue_msg_payload);
- memcpy(msg->queue_msg_payload, payload, len);
+ msg->queue_msg_payload = new_payload;
msg->queue_msg_payload_len = len;
msg->ce_mask |= QUEUE_MSG_ATTR_PAYLOAD;
return 0;
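Review bot: `len` is a signed `int` that still reaches `malloc(len)` and `memcpy(new_payload, payload, len)` unchecked in the new body, so a negative value is converted to a very large `size_t` before either call. A `len` of 0 is also reported as `-NLE_NOMEM` on platforms where `malloc(0)` returns NULL, even though no allocation failure happened. Queue payloads are presumably packet data, so a guard ahead of the allocation would make the contract explicit, for example `if (len < 0 || (len > 0 && payload == NULL)) return -NLE_INVAL;`. How a zero-length payload should be stored depends on callers that are not visible here. The function's closing brace lies outside the hunk.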