author | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2010-04-22 11:50:37 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2010-04-22 11:50:37 +0200 |
commit | fde77649df47e8313d330a3f1e0f4b698e73ee8b (patch) | |
tree | 703daf7030b321ae20b0efb62c4fbddb1e2b5602 | |
parent | 31118c770f1bc822226b8d3f70bad1904552745c (diff) | |
fix mnl_attr_parse()
mnl_attr_parse does not take into account the length of the netlink
message header and the offset. Thus when validating attributes, it
goes over the end of the real attribute stream and catches invalid
data areas.
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r-- | src/attr.c | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -247,7 +247,7 @@ int mnl_attr_parse(const struct nlmsghdr *nlh, int offset, { int ret = MNL_CB_OK; struct nlattr *attr = mnl_nlmsg_get_payload_offset(nlh, offset); - int len = nlh->nlmsg_len; + int len = nlh->nlmsg_len - MNL_NLMSG_HDRLEN - MNL_ALIGN(offset); while (mnl_attr_ok(attr, len)) { if (cb && (ret = cb(attr, data)) <= MNL_CB_STOP) |
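Review bot: the new `len` computation on the `+` line subtracts `MNL_NLMSG_HDRLEN` and `MNL_ALIGN(offset)` from `nlh->nlmsg_len` without first checking that the message is at least that long. `nlmsg_len` is an unsigned 32-bit field and `offset` is a caller-supplied `int`, so a short message or an oversized offset makes the subtraction wrap, and the result stored in `int len` is negative (or, for a negative offset, larger than the real payload). The loop then relies entirely on `mnl_attr_ok(attr, len)` rejecting such a value, which is not visible in this hunk. Consider returning early when `nlh->nlmsg_len < MNL_NLMSG_HDRLEN + MNL_ALIGN(offset)`, or at least documenting that `mnl_attr_ok()` is expected to fail on a non-positive `len`. It would also help to derive the start pointer and the remaining length in one place, since `mnl_nlmsg_get_payload_offset(nlh, offset)` and this line now each apply the offset arithmetic separately and must stay in sync.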