summaryrefslogtreecommitdiffstats
path: root/lib
diff options
context:
space:
mode:
authorEric Paris <eparis@redhat.com>2013-01-03 19:26:00 (GMT)
committerThomas Graf <tgraf@suug.ch>2013-01-03 23:35:18 (GMT)
commit5d53626100f3b747109d4fc05a6d4107b09df642 (patch)
tree361c294cfa0ed63a37e5a157d27bbb82c1688092 /lib
parent69719322546f8550208a7ad984f704259c9091cb (diff)
downloadlibnl-5d53626100f3b747109d4fc05a6d4107b09df642.zip
libnl-5d53626100f3b747109d4fc05a6d4107b09df642.tar.gz
libnl-5d53626100f3b747109d4fc05a6d4107b09df642.tar.bz2
nlmsg_ok comparison between signed and unsigned
The nlmsg_ok macro has a comparison between an int and a size_t (unsigned int). The C spec says the int is cast to unsigned int before the comparison. This is a problem as the audit system will send skb's with skb->len == nlhhdr->nlmsg_len which are NOT aligned. Thus you can end up with remaining being negative. So the comparison becomes (unsigned int)(-1) >= (unsigned int)16 Which turns out to be true! It should clearly be false. So if we cast the size_t to an int we get a signed comparison and it works. (This is what linux/netlink.h and all of the kernel netlink headers do) Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: Thomas Graf <tgraf@suug.ch>
Diffstat (limited to 'lib')
-rw-r--r--lib/msg.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/msg.c b/lib/msg.c
index 23c137d..2613c78 100644
--- a/lib/msg.c
+++ b/lib/msg.c
@@ -178,7 +178,7 @@ int nlmsg_valid_hdr(const struct nlmsghdr *nlh, int hdrlen)
*/
int nlmsg_ok(const struct nlmsghdr *nlh, int remaining)
{
- return (remaining >= sizeof(struct nlmsghdr) &&
+ return (remaining >= (int)sizeof(struct nlmsghdr) &&
nlh->nlmsg_len >= sizeof(struct nlmsghdr) &&
nlh->nlmsg_len <= remaining);
}