[PATCH] Wrong calculation in nla_reserve
Emmanuel Thierry
emmanuel.thierry at telecom-bretagne.eu
Wed Apr 24 12:39:19 EDT 2013
Hello
There seems to be an error in the calculation of needed space for the message in nla_reserve. The current size of the message is counted twice: once in NLMSG_ALIGN, once in the condition below.
This causes nla_put_* calls to be rejected if the allocation size of the message has been strictly calculated by the caller.
Best regards.
Emmanuel Thierry
Note: please keep me in cc in answers.
diff --git a/lib/attr.c b/lib/attr.c
index e6efe4e..8d27494 100644
--- a/lib/attr.c
+++ b/lib/attr.c
@@ -464,7 +464,7 @@ struct nlattr *nla_reserve(struct nl_msg *msg, int attrtype, int attrlen)
tlen = NLMSG_ALIGN(msg->nm_nlh->nlmsg_len) + nla_total_size(attrlen);
- if ((tlen + msg->nm_nlh->nlmsg_len) > msg->nm_size)
+ if (tlen > msg->nm_size)
return NULL;
nla = (struct nlattr *) nlmsg_tail(msg->nm_nlh);
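Review bot: The new bound `if (tlen > msg->nm_size)` is only sound if the sum on the line above cannot wrap: `attrlen` is a signed `int` in the function signature, and the hunk shows no check that it is non-negative before `nla_total_size(attrlen)` is added to the aligned `nlmsg_len`. Consider rejecting `attrlen < 0` before computing `tlen`, and confirm the comparison is not mixed signed/unsigned, since the declaration of `tlen` and the type of `nm_size` are outside the visible lines. A regression test that allocates a message sized exactly for its attributes and checks that the final nla_put_* call succeeds would keep the double-counting from coming back.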