2 files changed, 10 insertions, 4 deletions

diff --git a/src/attr.c b/src/attr.c
index 2ec6dce..af12a47 100644
--- a/src/attr.c
+++ b/src/attr.c
@@ -73,12 +73,15 @@ void *mnl_attr_get_data(const struct nlattr *attr)
  * This function is used to check that a buffer that contains an attribute
  * has enough room for the attribute that it stores, ie. this function can
  * be used to verify that an attribute is neither malformed nor truncated.
+ *
+ * The @len parameter may become negative in malformed messages during
+ * attribute iteration, that is why we use a signed integer.
  */
 int mnl_attr_ok(const struct nlattr *attr, int len)
 {
-	return len >= sizeof(struct nlattr) &&
+	return len >= (int)sizeof(struct nlattr) &&
 	       attr->nla_len >= sizeof(struct nlattr) &&
-	       attr->nla_len <= len;
+	       (int)attr->nla_len <= len;
 }
 
 /**
diff --git a/src/msg.c b/src/msg.c
index 2a2f830..13d9abc 100644
--- a/src/msg.c
+++ b/src/msg.c
@@ -130,12 +130,15 @@ void *mnl_nlmsg_get_data_offset(const struct nlmsghdr *nlh, int offset)
  * message has enough room for the netlink message that it stores, ie. this
  * function can be used to verify that a netlink message is not malformed nor
  * truncated.
+ *
+ * The @len parameter may become negative in malformed messages during message
+ * iteration, that is why we use a signed integer.
  */
 int mnl_nlmsg_ok(const struct nlmsghdr *nlh, int len)
 {
-	return len >= sizeof(struct nlmsghdr) &&
+	return len >= (int)sizeof(struct nlmsghdr) &&
 	       nlh->nlmsg_len >= sizeof(struct nlmsghdr) &&
-	       nlh->nlmsg_len <= len;
+	       (int)nlh->nlmsg_len <= len;
 }
 
 /**