[netfilter-cvslog] r4221 - trunk/libnfnetlink/src
laforge at netfilter.org
laforge at netfilter.org
Sun Aug 7 16:50:46 CEST 2005
Author: laforge at netfilter.org
Date: 2005-08-07 16:50:46 +0200 (Sun, 07 Aug 2005)
New Revision: 4221
Modified:
trunk/libnfnetlink/src/libnfnetlink.c
Log:
- fix endless loop in nfnl_talk (when 'junk' messages arrive but there is no
junk handler)
- fix stack overflow in __nfnl_handle_msg. nfattr array was wrongly sized
Modified: trunk/libnfnetlink/src/libnfnetlink.c
===================================================================
--- trunk/libnfnetlink/src/libnfnetlink.c 2005-08-07 14:49:43 UTC (rev 4220)
+++ trunk/libnfnetlink/src/libnfnetlink.c 2005-08-07 14:50:46 UTC (rev 4221)
@@ -396,7 +396,7 @@
if (err < 0)
return err;
}
- continue;
+ goto cont;
}
if (h->nlmsg_type == NLMSG_ERROR) {
@@ -410,7 +410,7 @@
memcpy(answer, h, h->nlmsg_len);
return 0;
}
- perror("CTNETLINK answers");
+ perror("NFNETLINK answers");
}
return -1;
}
@@ -420,7 +420,7 @@
}
nfnl_error("Unexpected reply!\n");
-
+cont:
status -= NLMSG_ALIGN(len);
h = (struct nlmsghdr *)((char *)h + NLMSG_ALIGN(len));
}
@@ -703,9 +703,8 @@
static int __nfnl_handle_msg(struct nfnl_handle *h, struct nlmsghdr *nlh,
int len)
{
- u_int8_t type;
+ u_int8_t type = NFNL_MSG_TYPE(nlh->nlmsg_type);
int err = 0;
- struct nfattr *nfa[h->cb_count];
if (NFNL_SUBSYS_ID(nlh->nlmsg_type) != h->subsys_id)
return -1;
@@ -713,12 +712,12 @@
if (nlh->nlmsg_len < NLMSG_LENGTH(NLMSG_ALIGN(sizeof(struct nfgenmsg))))
return -1;
- type = NFNL_MSG_TYPE(nlh->nlmsg_type);
-
if (type >= h->cb_count)
return -1;
if (h->cb[type].attr_count) {
+ struct nfattr *nfa[h->cb[type].attr_count];
+
err = nfnl_check_attributes(h, nlh, nfa);
if (err < 0)
return err;
More information about the netfilter-cvslog
mailing list