[netfilter-cvslog] r4221 - trunk/libnfnetlink/src

laforge at netfilter.org laforge at netfilter.org
Sun Aug 7 16:50:46 CEST 2005


Author: laforge at netfilter.org
Date: 2005-08-07 16:50:46 +0200 (Sun, 07 Aug 2005)
New Revision: 4221

Modified:
   trunk/libnfnetlink/src/libnfnetlink.c
Log:
- fix endless loop in nfnl_talk (when 'junk' messages arrive but there is no
  junk handler)
- fix stack overflow in __nfnl_handle_msg.  nfattr array was wrongly sized


Modified: trunk/libnfnetlink/src/libnfnetlink.c
===================================================================
--- trunk/libnfnetlink/src/libnfnetlink.c	2005-08-07 14:49:43 UTC (rev 4220)
+++ trunk/libnfnetlink/src/libnfnetlink.c	2005-08-07 14:50:46 UTC (rev 4221)
@@ -396,7 +396,7 @@
 					if (err < 0)
 						return err;
 				}
-				continue;
+				goto cont;
 			}
 
 			if (h->nlmsg_type == NLMSG_ERROR) {
@@ -410,7 +410,7 @@
 							memcpy(answer, h, h->nlmsg_len);
 						return 0;
 					}
-					perror("CTNETLINK answers");
+					perror("NFNETLINK answers");
 				}
 				return -1;
 			}
@@ -420,7 +420,7 @@
 			}
 
 			nfnl_error("Unexpected reply!\n");
-
+cont:
 			status -= NLMSG_ALIGN(len);
 			h = (struct nlmsghdr *)((char *)h + NLMSG_ALIGN(len));
 		}
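Review bot: The shared `cont:` step advances by `NLMSG_ALIGN(len)`, so the loop still makes progress only if `len` was already checked to be at least the header size and no larger than `status`. That check and the loop header are outside this hunk, so it is worth confirming there, since `len` presumably comes from the received message. The label would also benefit from a comment stating its contract, for example `/* every path that does not return must reach here to step to the next message */`, so that a later `continue` does not reintroduce the endless loop.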
@@ -703,9 +703,8 @@
 static int __nfnl_handle_msg(struct nfnl_handle *h, struct nlmsghdr *nlh,
 			     int len)
 {
-	u_int8_t type;
+	u_int8_t type = NFNL_MSG_TYPE(nlh->nlmsg_type);
 	int err = 0;
-	struct nfattr *nfa[h->cb_count];
 
 	if (NFNL_SUBSYS_ID(nlh->nlmsg_type) != h->subsys_id)
 		return -1;
@@ -713,12 +712,12 @@
 	if (nlh->nlmsg_len < NLMSG_LENGTH(NLMSG_ALIGN(sizeof(struct nfgenmsg))))
 		return -1;
 
-	type = NFNL_MSG_TYPE(nlh->nlmsg_type);
-
 	if (type >= h->cb_count)
 		return -1;
 
 	if (h->cb[type].attr_count) {
+		struct nfattr *nfa[h->cb[type].attr_count];
+
 		err = nfnl_check_attributes(h, nlh, nfa);
 		if (err < 0)
 			return err;
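Review bot: `nfa` is now sized by `h->cb[type].attr_count`, but `nfnl_check_attributes(h, nlh, nfa)` receives it without a length. The callee therefore has to re-derive the same count and ignore any attribute whose type from the message would index past it. Its body is not in this hunk, so confirm that bound, and confirm that it clears the array before filling it, since the slots start uninitialised. Passing the count explicitly would make the contract visible; failing that, add a comment at the declaration such as `/* attr_count slots; callee must drop attribute types beyond attr_count */`. The array is a stack VLA sized by a registration-time value, so an upper limit on `attr_count` where callbacks are registered would keep stack use bounded.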



