mirror of
https://git.kernel.org/pub/scm/network/wireless/iwd.git
synced 2024-12-19 18:22:32 +01:00
monitor: Fix crash
NLMSG_OK and NLMSG_NEXT expect to operate on nlmsg_len which is an int (signed type). The current code uses an unsigned type which means that it cannot detect underflows. Such underflows can happen when NLMSG_NEXT tries to advance nlmsg_len by a number of bytes (due to alignment) which are greater than the current nlmsg_len itself. This causes iwmon to crash on certain messages. Reported-By: Daniel Wagner <wagi@monom.org>
This commit is contained in:
parent
681172a999
commit
98e1d38056
@ -6876,7 +6876,7 @@ static bool nlmon_receive(struct l_io *io, void *user_data)
|
||||
unsigned char buf[8192];
|
||||
unsigned char control[32];
|
||||
ssize_t bytes_read;
|
||||
size_t nlmsg_len;
|
||||
int nlmsg_len;
|
||||
int fd;
|
||||
|
||||
fd = l_io_get_fd(io);
|
||||
|
Loading…
Reference in New Issue
Block a user