diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2024-10-24 00:08:24 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2024-10-28 23:20:38 +0100 |
| commit | 42b081df747729b0d83b69d2816be4091af56a58 (patch) | |
| tree | 0d56428b12dcd7b44e28e1e796c70c3b03e1ad64 /include | |
| parent | f7c2b27c9f8356c634f0405347444e03e10e151b (diff) | |
rule: netlink attribute offset is uint32_t for struct nlerr_loc
The maximum netlink message length (nlh->nlmsg_len) is uint32_t, struct
nlerr_loc stores the offset to the netlink attribute which must be
uint32_t, not uint16_t.
While at it, remove check for zero netlink attribute offset in
nft_cmd_error() which should not ever happen, likely this check was
there to prevent the uint16_t offset overflow.
Fixes: f8aec603aa7e ("src: initial extended netlink error reporting")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include')
| -rw-r--r-- | include/rule.h | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/include/rule.h b/include/rule.h index a1628d82..3fcfa445 100644 --- a/include/rule.h +++ b/include/rule.h @@ -695,7 +695,7 @@ void monitor_free(struct monitor *m); #define NFT_NLATTR_LOC_MAX 32 struct nlerr_loc { - uint16_t offset; + uint32_t offset; const struct location *location; }; |