diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/attr.c | 7 | ||||
-rw-r--r-- | src/msg.c | 7 |
2 files changed, 10 insertions, 4 deletions
@@ -73,12 +73,15 @@ void *mnl_attr_get_data(const struct nlattr *attr) * This function is used to check that a buffer that contains an attribute * has enough room for the attribute that it stores, ie. this function can * be used to verify that an attribute is neither malformed nor truncated. + * + * The @len parameter may become negative in malformed messages during + * attribute iteration, that is why we use a signed integer. */ int mnl_attr_ok(const struct nlattr *attr, int len) { - return len >= sizeof(struct nlattr) && + return len >= (int)sizeof(struct nlattr) && attr->nla_len >= sizeof(struct nlattr) && - attr->nla_len <= len; + (int)attr->nla_len <= len; } /** @@ -130,12 +130,15 @@ void *mnl_nlmsg_get_data_offset(const struct nlmsghdr *nlh, int offset) * message has enough room for the netlink message that it stores, ie. this * function can be used to verify that a netlink message is not malformed nor * truncated. + * + * The @len parameter may become negative in malformed messages during message + * iteration, that is why we use a signed integer. */ int mnl_nlmsg_ok(const struct nlmsghdr *nlh, int len) { - return len >= sizeof(struct nlmsghdr) && + return len >= (int)sizeof(struct nlmsghdr) && nlh->nlmsg_len >= sizeof(struct nlmsghdr) && - nlh->nlmsg_len <= len; + (int)nlh->nlmsg_len <= len; } /** |