diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2008-11-25 01:56:47 +0100 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2008-11-25 01:56:47 +0100 |
| commit | 6262a4a7b7139fb5636228cb0f5a1e72f848d871 (patch) | |
| tree | a239dc549821e9cc897d616dd99c637767bf9fee /include/network.h | |
| parent | 40efc1ebb15be022453f8c820c31099a8a0ebebd (diff) | |
| download | conntrack-tools-6262a4a7b7139fb5636228cb0f5a1e72f848d871.tar.gz conntrack-tools-6262a4a7b7139fb5636228cb0f5a1e72f848d871.zip | |
build: add attribute header size to total attribute length
This patch adds the size of the attribute header (4 bytes) to the
length field of netattr. This fixes a possible invalid memory
access in malformed messages.
This change is included in the set of scheduled changes for 0.9.9
that break backward compatibility.
This patch also removes a memset of 4096 by one to initialize
the headers and the netattr paddings.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include/network.h')
| -rw-r--r-- | include/network.h | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/include/network.h b/include/network.h index 2487c81..f24fb5f 100644 --- a/include/network.h +++ b/include/network.h @@ -49,7 +49,7 @@ enum { #define BUILD_NETMSG(ct, query) \ ({ \ char __net[4096]; \ - memset(__net, 0, sizeof(__net)); \ + memset(__net, 0, NETHDR_SIZ + NETPLD_SIZ); \ build_netmsg(ct, query, (struct nethdr *) __net); \ (struct nethdr *) __net; \ }) @@ -170,8 +170,8 @@ struct netattr { #define NTA_NEXT(x, len) \ ( \ - len -= NTA_ALIGN(NTA_LENGTH(x->nta_len)), \ - (struct netattr *)(((char *)x) + NTA_ALIGN(NTA_LENGTH(x->nta_len))) \ + len -= NTA_ALIGN(x->nta_len), \ + (struct netattr *)(((char *)x) + NTA_ALIGN(x->nta_len)) \ ) #define NTA_ALIGNTO 4 |