diff options
author | Eric Paris <eparis@redhat.com> | 2013-01-03 19:26:00 (GMT) |
---|---|---|
committer | Thomas Graf <tgraf@suug.ch> | 2013-01-03 23:35:18 (GMT) |
commit | 5d53626100f3b747109d4fc05a6d4107b09df642 (patch) | |
tree | 361c294cfa0ed63a37e5a157d27bbb82c1688092 /lib | |
parent | 69719322546f8550208a7ad984f704259c9091cb (diff) | |
download | libnl-5d53626100f3b747109d4fc05a6d4107b09df642.zip libnl-5d53626100f3b747109d4fc05a6d4107b09df642.tar.gz libnl-5d53626100f3b747109d4fc05a6d4107b09df642.tar.bz2 |
nlmsg_ok comparison between signed and unsigned
The nlmsg_ok macro has a comparison between an int and a size_t
(unsigned int). The C spec says the int is cast to unsigned int before
the comparison. This is a problem as the audit system will send skb's
with skb->len == nlhhdr->nlmsg_len which are NOT aligned. Thus you can
end up with remaining being negative. So the comparison becomes
(unsigned int)(-1) >= (unsigned int)16
Which turns out to be true! It should clearly be false. So if we cast
the size_t to an int we get a signed comparison and it works. (This is
what linux/netlink.h and all of the kernel netlink headers do)
Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Diffstat (limited to 'lib')
-rw-r--r-- | lib/msg.c | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -178,7 +178,7 @@ int nlmsg_valid_hdr(const struct nlmsghdr *nlh, int hdrlen) */ int nlmsg_ok(const struct nlmsghdr *nlh, int remaining) { - return (remaining >= sizeof(struct nlmsghdr) && + return (remaining >= (int)sizeof(struct nlmsghdr) && nlh->nlmsg_len >= sizeof(struct nlmsghdr) && nlh->nlmsg_len <= remaining); } |