[Bug 1691] mnl_nlmsg_ok returns true on malformed/incomplete messages leading to potential runtime issues
bugzilla-daemon at netfilter.org
Sun Sep 10 22:24:46 CEST 2023
https://bugzilla.netfilter.org/show_bug.cgi?id=1691
Jeremy Sowden <jeremy at azazel.net> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED
                 CC|                            |jeremy at azazel.net
           Assignee|pablo at netfilter.org       |jeremy at azazel.net
--- Comment #1 from Jeremy Sowden <jeremy at azazel.net> ---
My preference would be to get rid of the casts altogether:

EXPORT_SYMBOL bool mnl_nlmsg_ok(const struct nlmsghdr *nlh, int len)
{
	size_t ulen = len;

	if (len < 0)
		return 0;

	return ulen >= sizeof(struct nlmsghdr) &&
	       nlh->nlmsg_len >= sizeof(struct nlmsghdr) &&
	       nlh->nlmsg_len <= ulen;
}

I will send a patch.
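
Added example, not part of the original message and not libmnl's own code: it runs the cast-free check from comment #1 next to a cast-based variant on constructed headers, to show which inputs the two disagree on. The cast-based variant, the names ok_with_casts and ok_without_casts, the locally defined struct nlmsghdr and the sample lengths are assumptions made for the comparison.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Local copy of the netlink header layout so the example builds anywhere. */
struct nlmsghdr {
	uint32_t nlmsg_len;	/* total message length, header included */
	uint16_t nlmsg_type;
	uint16_t nlmsg_flags;
	uint32_t nlmsg_seq;
	uint32_t nlmsg_pid;
};

/* Assumed cast-based variant (constructed for comparison, not quoted from
 * libmnl): both length comparisons are done in signed int. */
static bool ok_with_casts(const struct nlmsghdr *nlh, int len)
{
	return len >= (int)sizeof(struct nlmsghdr) &&
	       nlh->nlmsg_len >= sizeof(struct nlmsghdr) &&
	       (int)nlh->nlmsg_len <= len;
}

/* The check from comment #1: reject negative len, then compare unsigned. */
static bool ok_without_casts(const struct nlmsghdr *nlh, int len)
{
	size_t ulen = len;

	if (len < 0)
		return false;
	return ulen >= sizeof(struct nlmsghdr) &&
	       nlh->nlmsg_len >= sizeof(struct nlmsghdr) &&
	       nlh->nlmsg_len <= ulen;
}

int main(void)
{
	/* Constructed nlmsg_len values, each checked against a 16-byte buffer. */
	const uint32_t lens[] = { 16, 20, 15, 0x80000010u };

	for (size_t i = 0; i < sizeof(lens) / sizeof(lens[0]); i++) {
		struct nlmsghdr h = { .nlmsg_len = lens[i] };
		printf("nlmsg_len=%#x buf=16: casts=%d no_casts=%d\n",
		       (unsigned)lens[i], ok_with_casts(&h, 16),
		       ok_without_casts(&h, 16));
	}
	return 0;
}
```

The two checks agree on the first three lengths and differ only on the last, where nlmsg_len has its top bit set and becomes negative once converted to int.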