fix mnl_attr_parse()

mnl_attr_parse does not take into account the length of the netlink message header and the offset. Thus when validating attributes, it goes over the end of the real attribute stream and catches invalid data areas. Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org
author: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> 2010-04-22 11:50:37 +0200
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2010-04-22 11:50:37 +0200
commit: fde77649df47e8313d330a3f1e0f4b698e73ee8b (patch)
tree: 703daf7030b321ae20b0efb62c4fbddb1e2b5602
parent: 31118c770f1bc822226b8d3f70bad1904552745c (diff)
download: libmnl-fde77649df47e8313d330a3f1e0f4b698e73ee8b.tar.gz
libmnl-fde77649df47e8313d330a3f1e0f4b698e73ee8b.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/src/attr.c b/src/attr.c
index 59cf8c0..2b2977e 100644
--- a/src/attr.c
+++ b/src/attr.c
@@ -247,7 +247,7 @@ int mnl_attr_parse(const struct nlmsghdr *nlh, int offset,
 {
 	int ret = MNL_CB_OK;
 	struct nlattr *attr = mnl_nlmsg_get_payload_offset(nlh, offset);
-	int len = nlh->nlmsg_len;
+	int len = nlh->nlmsg_len - MNL_NLMSG_HDRLEN - MNL_ALIGN(offset);
 
 	while (mnl_attr_ok(attr, len)) {
 		if (cb && (ret = cb(attr, data)) <= MNL_CB_STOP)
author	Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>	2010-04-22 11:50:37 +0200
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2010-04-22 11:50:37 +0200
commit	fde77649df47e8313d330a3f1e0f4b698e73ee8b (patch)
tree	703daf7030b321ae20b0efb62c4fbddb1e2b5602
parent	31118c770f1bc822226b8d3f70bad1904552745c (diff)
download	libmnl-fde77649df47e8313d330a3f1e0f4b698e73ee8b.tar.gz libmnl-fde77649df47e8313d330a3f1e0f4b698e73ee8b.zip