author: Patrick Havelange <patrick.havelange@tessares.net> 2018-07-27 12:39:35 (GMT)
committer: Thomas Haller <thaller@redhat.com> 2018-10-10 09:54:08 (GMT)
commit: 123dc07bcc3f402a500edf370d2000e171c91b34
tree: 428f909704d01f93788de553d4b7c28663be2f67 /lib
parent: 1ac40683a879a602dbf8c42372677fb94f958a7d
nla_ok: fix overrun in attribute iteration.

A detailed explanation is provided in the original Linux kernel commit that fixes the bug: 1045b03e07d85f3545118510a587035536030c1c

Valgrind spotted the issue when the remaining was negative.
This bug was triggering application crashes.

Signed-off-by: Patrick Havelange <patrick.havelange@tessares.net>

https://github.com/thom311/libnl/pull/199

Diffstat (limited to 'lib')
-rw-r--r-- lib/attr.c 2
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/attr.c b/lib/attr.c
index 0928630..1ddc007 100644
--- a/lib/attr.c
+++ b/lib/attr.c
@@ -147,7 +147,7 @@ int nla_len(const struct nlattr *nla)
*/
int nla_ok(const struct nlattr *nla, int remaining)
{
- return remaining >= sizeof(*nla) &&
+ return remaining >= (int) sizeof(*nla) &&
nla->nla_len >= sizeof(*nla) &&
nla->nla_len <= remaining;
}
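
Review bot: The `(int)` cast on the first comparison in `nla_ok()` needs a one-line comment saying why it is there, because nothing in the code records the reason: without the cast, `remaining` is converted to the unsigned type of `sizeof(*nla)`, so a negative `remaining` compares as a very large value and the length check passes, which matches the negative-remaining case the commit message reports from Valgrind. The next line, `nla->nla_len >= sizeof(*nla)`, still compares against an unsigned `sizeof`; that is harmless since `nla_len` is an unsigned 16-bit field, but writing both bounds in the same signed form would make the function easier to audit. A regression test that calls `nla_ok()` with a negative `remaining` and expects 0 would keep this from coming back, and building with `-Wsign-compare` would flag similar comparisons elsewhere in `lib/attr.c`.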