| Message ID | 1470958419-32602-6-git-send-email-phil@nwl.cc |
|---|---|
| State | Changes Requested |
| Delegated to: | Pablo Neira |
| Headers | show |
On Fri, Aug 12, 2016 at 01:33:37AM +0200, Phil Sutter wrote: > time() may return -1 which is then assigned to an unsigned integer type > and used as sequence number. The following code increments that number > multiple times, so it may overflow and get libmnl confused. To avoid > this, fall back to a starting sequence number of zero in case the call > to time() failed. (uint32_t)-1 should be fine for netlink as sequence number. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/src/common.c b/src/common.c index bf4176ceb76eb..2189cc8a3e882 100644 --- a/src/common.c +++ b/src/common.c @@ -192,6 +192,9 @@ int nftnl_batch_is_supported(void) uint32_t seq = time(NULL), req_seq; int ret; + if (seq == (uint32_t)-1) + seq = 0; + nl = mnl_socket_open(NETLINK_NETFILTER); if (nl == NULL) return -1;
time() may return -1 which is then assigned to an unsigned integer type and used as sequence number. The following code increments that number multiple times, so it may overflow and get libmnl confused. To avoid this, fall back to a starting sequence number of zero in case the call to time() failed. Signed-off-by: Phil Sutter <phil@nwl.cc> --- src/common.c | 3 +++ 1 file changed, 3 insertions(+)