stv0g/libnl
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

nf: fix potential bug in nfnl_queue_msg_set_payload() when malloc() failed

Browse source 
Suppose the case:
1. message have already some payload
2. malloc() failed

In that case:
1. msg->queue_msg_payload become NULL
2. msg->queue_msg_payload_len stay non-zero

Now when malloc() error occurs, nothing changed.

https://github.com/thom311/libnl/pull/83
This commit is contained in:
Коренберг Марк 2015-07-02 14:59:55 +05:00 committed by Thomas Haller
parent 54e4ca7886
commit e29c979e88
1 changed files with 8 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
lib/netfilter/queue_msg_obj.c
View file

@ -405,12 +405,15 @@ const uint8_t *nfnl_queue_msg_get_hwaddr(const struct nfnl_queue_msg *msg,
int nfnl_queue_msg_set_payload(struct nfnl_queue_msg *msg, uint8_t *payload,
int len)
{
free(msg->queue_msg_payload);
msg->queue_msg_payload = malloc(len);
if (!msg->queue_msg_payload)
return -NLE_NOMEM;
void *new_payload = malloc(len);
memcpy(msg->queue_msg_payload, payload, len);
if (new_payload == NULL)
return -NLE_NOMEM;
memcpy(new_payload, payload, len);
free(msg->queue_msg_payload);
msg->queue_msg_payload = new_payload;
msg->queue_msg_payload_len = len;
msg->ce_mask |= QUEUE_MSG_ATTR_PAYLOAD;
return 0;