authorPablo Neira Ayuso <pablo@netfilter.org>2011-02-18 12:15:52 +0100
committerPablo Neira Ayuso <pablo@netfilter.org>2011-02-18 12:15:52 +0100
commit4dd7a3c15830aa21548716798171e67cb14bca49 (patch)
tree0b347c499aa2adcf7367061d09cf0e70399a4464 /src/netlink.c
parent3bb13acbff0983960e06eb33e0daa98c3dab472c (diff)
conntrackd: remove use of deprecated nfct_maxsize()
This patch removes the use of nfct_maxsize() and several abusive stack-based allocations. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/netlink.c')
-rw-r--r--src/netlink.c17
1 files changed, 9 insertions, 8 deletions
diff --git a/src/netlink.c b/src/netlink.c
index 1810f4a..60274f3 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -164,20 +164,21 @@ int nl_send_resync(struct nfct_handle *h)
/* if the handle has no callback, check for existence, otherwise, update */
int nl_get_conntrack(struct nfct_handle *h, const struct nf_conntrack *ct)
{
- int ret;
- char __tmp[nfct_maxsize()];
- struct nf_conntrack *tmp = (struct nf_conntrack *) (void *)__tmp;
+ int ret = 1;
+ struct nf_conntrack *tmp;
- memset(__tmp, 0, sizeof(__tmp));
+ tmp = nfct_new();
+ if (tmp == NULL)
+ return -1;
/* use the original tuple to check if it is there */
nfct_copy(tmp, ct, NFCT_CP_ORIG);
- ret = nfct_query(h, NFCT_Q_GET, tmp);
- if (ret == -1)
- return errno == ENOENT ? 0 : -1;
+ if (nfct_query(h, NFCT_Q_GET, tmp) == -1)
+ ret = (errno == ENOENT) ? 0 : -1;
- return 1;
+ nfct_destroy(tmp);
+ return ret;
}
int nl_create_conntrack(struct nfct_handle *h,
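Review bot: On the failure path, `nfct_destroy(tmp)` now runs between the failed `nfct_query()` and `return ret`, so errno is no longer guaranteed to hold the query's error when -1 reaches the caller. Callers are not visible in this hunk, but if any of them logs or branches on errno after a -1 return, the release call (presumably a free) could overwrite it on libcs that do not preserve errno there. Saving and restoring around the release keeps the previous behaviour: `int saved_errno = errno; nfct_destroy(tmp); errno = saved_errno;`. It would also help to extend the comment above the function with the return contract, e.g. `/* returns 1 if the entry exists, 0 if not found (ENOENT), -1 on error */`, since the new `nfct_new()` failure also returns -1.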