From d26feca2c9c19b650b5a7554b5a412ceca990b7a Mon Sep 17 00:00:00 2001
From: Phil Sutter <phil@nwl.cc>
Date: Fri, 12 Aug 2016 01:33:37 +0200
Subject: common: Avoid integer overflow in nftnl_batch_is_supported()

time() may return -1 which is then assigned to an unsigned integer type
and used as sequence number. The following code increments that number
multiple times, so it may overflow and get libmnl confused. To avoid
this, fall back to a starting sequence number of zero in case the call
to time() failed.

Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/common.c | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'src')

diff --git a/src/common.c b/src/common.c
index bf4176c..2189cc8 100644
--- a/src/common.c
+++ b/src/common.c
@@ -192,6 +192,9 @@ int nftnl_batch_is_supported(void)
 	uint32_t seq = time(NULL), req_seq;
 	int ret;
 
+	if (seq == (uint32_t)-1)
+		seq = 0;
+
 	nl = mnl_socket_open(NETLINK_NETFILTER);
 	if (nl == NULL)
 		return -1;
-- 
cgit v1.2.3