summaryrefslogtreecommitdiff
path: root/include
diff options
context:
space:
mode:
authorPablo Neira Ayuso <pablo@netfilter.org>2008-11-25 01:56:47 +0100
committerPablo Neira Ayuso <pablo@netfilter.org>2008-11-25 01:56:47 +0100
commit6262a4a7b7139fb5636228cb0f5a1e72f848d871 (patch)
treea239dc549821e9cc897d616dd99c637767bf9fee /include
parent40efc1ebb15be022453f8c820c31099a8a0ebebd (diff)
downloadconntrack-tools-6262a4a7b7139fb5636228cb0f5a1e72f848d871.tar.gz
conntrack-tools-6262a4a7b7139fb5636228cb0f5a1e72f848d871.zip
build: add attribute header size to total attribute length
This patch adds the size of the attribute header (4 bytes) to the length field of netattr. This fixes a possible invalid memory access in malformed messages. This change is included in the set of scheduled changes for 0.9.9 that break backward compatibility. This patch also removes a memset of 4096 by one to initialize the headers and the netattr paddings. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include')
-rw-r--r--include/network.h6
1 files changed, 3 insertions, 3 deletions
diff --git a/include/network.h b/include/network.h
index 2487c81..f24fb5f 100644
--- a/include/network.h
+++ b/include/network.h
@@ -49,7 +49,7 @@ enum {
#define BUILD_NETMSG(ct, query) \
({ \
char __net[4096]; \
- memset(__net, 0, sizeof(__net)); \
+ memset(__net, 0, NETHDR_SIZ + NETPLD_SIZ); \
build_netmsg(ct, query, (struct nethdr *) __net); \
(struct nethdr *) __net; \
})
@@ -170,8 +170,8 @@ struct netattr {
#define NTA_NEXT(x, len) \
( \
- len -= NTA_ALIGN(NTA_LENGTH(x->nta_len)), \
- (struct netattr *)(((char *)x) + NTA_ALIGN(NTA_LENGTH(x->nta_len))) \
+ len -= NTA_ALIGN(x->nta_len), \
+ (struct netattr *)(((char *)x) + NTA_ALIGN(x->nta_len)) \
)
#define NTA_ALIGNTO 4