diff options
| author | Marc de Kruijf <mdekruijf@gmail.com> | 2009-08-26 16:28:01 -0500 |
|---|---|---|
| committer | Thomas Graf <tgr@lsx.localdomain> | 2009-09-02 18:43:03 +0200 |
| commit | 1ed227d3a9684e84b1c19e083850d5f10e94348b (patch) | |
| tree | d45de62d4780b3a5eb6e0f51dbd84d63ef56cae7 | |
| parent | ef858fb492dfe98e3ae194264fbc73649cf8493a (diff) | |
| download | android_external_libnl-1ed227d3a9684e84b1c19e083850d5f10e94348b.tar.gz android_external_libnl-1ed227d3a9684e84b1c19e083850d5f10e94348b.tar.bz2 android_external_libnl-1ed227d3a9684e84b1c19e083850d5f10e94348b.zip | |
Patch for unexpectedly aligned messages
I found the following bug, where nlmsg_ok() in lib/msg.c would
incorrectly return 'true' when the input argument 'remaining' was a negative
number. This happens when the message is not aligned the way that libnl
expects (although it is still legal).
In the comparison of the signed and unsigned numbers on line 284, the signed
number gets converted to an unsigned number, which is unexpected and
naturally produces a bug. My patch is below. The cast is ugly, but it
fixes the problem.
| -rw-r--r-- | lib/msg.c | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -284,7 +284,7 @@ int nlmsg_valid_hdr(const struct nlmsghdr *nlh, int hdrlen) */ int nlmsg_ok(const struct nlmsghdr *nlh, int remaining) { - return (remaining >= sizeof(struct nlmsghdr) && + return (remaining >= (int)sizeof(struct nlmsghdr) && nlh->nlmsg_len >= sizeof(struct nlmsghdr) && nlh->nlmsg_len <= remaining); } |