|
 |
500572 |
From: Martin Kletzander <mkletzan@redhat.com>
|
|
|
500572 |
Date: Fri, 16 Aug 2024 13:59:15 +0200
|
|
|
500572 |
Subject: [PATCH] virarptable: Fix check for message length
|
|
|
500572 |
Content-type: text/plain
|
|
|
500572 |
|
|
|
500572 |
The previous check was all wrong since it calculated the how long would
|
|
|
500572 |
the netlink message be if the netlink header was the payload and then
|
|
|
500572 |
subtracted that from the whole message length, a variable that was not
|
|
|
500572 |
used later in the code. This check can fail if there are no additional
|
|
|
500572 |
payloads, struct rtattr in particular, which we are parsing later,
|
|
|
500572 |
however the RTA_OK macro would've caught that anyway.
|
|
|
500572 |
|
|
|
500572 |
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
|
|
|
500572 |
Reviewed-by: Laine Stump <laine@redhat.com>
|
|
|
500572 |
---
|
|
|
500572 |
src/util/virarptable.c | 3 +--
|
|
|
500572 |
1 file changed, 1 insertion(+), 2 deletions(-)
|
|
|
500572 |
|
|
|
500572 |
diff --git a/src/util/virarptable.c b/src/util/virarptable.c
|
|
|
500572 |
index d8e41c5a86..45ee76766f 100644
|
|
|
500572 |
--- a/src/util/virarptable.c
|
|
|
500572 |
+++ b/src/util/virarptable.c
|
|
|
500572 |
@@ -81,10 +81,9 @@ virArpTableGet(void)
|
|
|
500572 |
for (; NLMSG_OK(nh, msglen); nh = NLMSG_NEXT(nh, msglen)) {
|
|
|
500572 |
VIR_WARNINGS_RESET
|
|
|
500572 |
struct ndmsg *r = NLMSG_DATA(nh);
|
|
|
500572 |
- int len = nh->nlmsg_len;
|
|
|
500572 |
void *addr;
|
|
|
500572 |
|
|
|
500572 |
- if ((len -= NLMSG_LENGTH(sizeof(*nh))) < 0) {
|
|
|
500572 |
+ if (nh->nlmsg_len < NLMSG_SPACE(sizeof(*r))) {
|
|
|
500572 |
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
|
|
|
500572 |
_("wrong nlmsg len"));
|
|
|
500572 |
goto cleanup;
|