diff options
author | Phil Sutter <phil@nwl.cc> | 2016-08-12 01:33:37 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-08-12 01:45:40 +0200 |
commit | d26feca2c9c19b650b5a7554b5a412ceca990b7a (patch) | |
tree | 8656f3cad4c3b83c2751e6bdaba8f91239b7a48b | |
parent | e381cd99e9eb0e9519a976c8288f6b9e051ada3a (diff) |
common: Avoid integer overflow in nftnl_batch_is_supported()
time() may return -1 which is then assigned to an unsigned integer type
and used as sequence number. The following code increments that number
multiple times, so it may overflow and get libmnl confused. To avoid
this, fall back to a starting sequence number of zero in case the call
to time() failed.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r-- | src/common.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/src/common.c b/src/common.c index bf4176c..2189cc8 100644 --- a/src/common.c +++ b/src/common.c @@ -192,6 +192,9 @@ int nftnl_batch_is_supported(void) uint32_t seq = time(NULL), req_seq; int ret; + if (seq == (uint32_t)-1) + seq = 0; + nl = mnl_socket_open(NETLINK_NETFILTER); if (nl == NULL) return -1; |