35 lines
1.0 KiB
Diff
35 lines
1.0 KiB
Diff
|
From 123dc07bcc3f402a500edf370d2000e171c91b34 Mon Sep 17 00:00:00 2001
|
||
|
|
From: Patrick Havelange <patrick.havelange@tessares.net>
|
||
|
|
Date: Fri, 27 Jul 2018 14:39:35 +0200
|
||
|
|
Subject: [PATCH 74/76] nla_ok: fix overrun in attribute iteration.
|
||
|
|
|
||
|
|
A detailed explanation is provided in the original Linux kernel commit that
|
||
|
|
fixes the bug: 1045b03e07d85f3545118510a587035536030c1c
|
||
|
|
|
||
|
|
Valgrind spotted the issue when the remaining was negative.
|
||
|
|
This bug was triggering application crashes.
|
||
|
|
|
||
|
|
Signed-off-by: Patrick Havelange <patrick.havelange@tessares.net>
|
||
|
|
|
||
|
|
https://github.com/thom311/libnl/pull/199
|
||
|
|
---
|
||
|
|
lib/attr.c | 2 +-
|
||
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||
|
|
|
||
|
|
diff --git a/lib/attr.c b/lib/attr.c
|
||
|
|
index 0928630..1ddc007 100644
|
||
|
|
--- a/lib/attr.c
|
||
|
|
+++ b/lib/attr.c
|
||
|
|
@@ -147,7 +147,7 @@ int nla_len(const struct nlattr *nla)
|
||
|
|
*/
|
||
|
|
int nla_ok(const struct nlattr *nla, int remaining)
|
||
|
|
{
|
||
|
|
- return remaining >= sizeof(*nla) &&
|
||
|
|
+ return remaining >= (int) sizeof(*nla) &&
|
||
|
|
nla->nla_len >= sizeof(*nla) &&
|
||
|
|
nla->nla_len <= remaining;
|
||
|
|
}
|
||
|
|
--
|
||
|
|
1.8.3.1
|
||
|
|
|