Previously Coverity was complaining about a use-after-free.
This was not a real problem, because the printf statement
does not dereference the pointer. Change it to avoid
the warning.
Acked-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: Thomas Haller <thaller@redhat.com>
In nlmsg_convert, if __nlmsg_alloc fails we can return NULL directly
instead of unnecessarily calling nlmsg_free on the NULL pointer.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Acked-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: Thomas Haller <thaller@redhat.com>
A few lines above nm->nm_nlh is already allocated with calloc, the
allocated memory has at least sizeof(struct nlmsghdr).
Signed-off-by: Olaf Hering <olaf@aepfle.de>
If a hdrlen was provided that was greater than the actual
message length, a negative attributes length would result.
This was typically happening for RTM_GETLINK requests where
we can get away with a 4 bytes header on the request side
but the response would use a 16 bytes header.
This resulted in strange -8 bytes leftover debug messages.
Signed-off-by: Thomas Graf <tgraf@suug.ch>
The nlmsg_ok macro has a comparison between an int and a size_t
(unsigned int). The C spec says the int is cast to unsigned int before
the comparison. This is a problem as the audit system will send skb's
with skb->len == nlhhdr->nlmsg_len which are NOT aligned. Thus you can
end up with remaining being negative. So the comparison becomes
(unsigned int)(-1) >= (unsigned int)16
Which turns out to be true! It should clearly be false. So if we cast
the size_t to an int we get a signed comparison and it works. (This is
what linux/netlink.h and all of the kernel netlink headers do)
Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Thomas Graf <tgraf@suug.ch>
1. Fix some places where unsigned value compared < 0
2. Fix obsolete %Z specifier to more portable %z
3. Some erroneous types substitution
4. nl_msec2str() - 64-bit msec is now properly used,
Only safe changes. I mean int <--> uint32_t and signed/unsigned fixes.
Some functions require a size_t argument instead of int, but changing
the signatures of those functions is a terrible thing.
Also, I do not pretend for a full list of fixes.
Just to shut up clang -Wall -Wextra
One more thing. ifindex. I don't change that because changes will
be too big for simple fix.
- changes the modules hierarchy to better represent the set of libraries
- list the header file that needs to be included
- remove examples/doc from api ref that is included in the guide
- add references to the guide
- fix doxygen api linking for version 1.8.0
- readd doxygen mainpage to config file
- fix a couple of doxygen doc bugs
The netlink message buffer is preallocated to a page and later
expanded as needed. Everything was properly padded and zeroed
out except for the unused part at the end. Use calloc() to
allocate the buffer.
I found the following bug, where nlmsg_ok() in lib/msg.c would
incorrectly return 'true' when the input argument 'remaining' was a negative
number. This happens when the message is not aligned the way that libnl
expects (although it is still legal).
In the comparison of the signed and unsigned numbers on line 284, the signed
number gets converted to an unsigned number, which is unexpected and
naturally produces a bug. My patch is below. The cast is ugly, but it
fixes the problem.
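Added example, not part of the libnl commits or their patches: the nlmsg_ok() comparison described in the two messages above, before and after the cast, run over a constructed buffer whose only message has an unaligned length. struct hdr, ok_before, ok_after, walk and demo are hypothetical names used only for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for struct nlmsghdr (same 16-byte layout); no kernel headers needed. */
struct hdr { uint32_t len; uint16_t type, flags; uint32_t seq, pid; };
#define HDRLEN ((int)sizeof(struct hdr))
#define ALIGN4(n) (((n) + 3u) & ~3u)
typedef int (*ok_fn)(const struct hdr *, int);

/* Pre-fix check. The casts spell out the conversion the compiler applies
 * implicitly when the int is compared with an unsigned value. */
static int ok_before(const struct hdr *h, int remaining)
{
    return (size_t)remaining >= sizeof(struct hdr) &&
           h->len >= sizeof(struct hdr) && h->len <= (unsigned int)remaining;
}
/* Post-fix check: sizeof is cast to int, so a negative remaining fails. */
static int ok_after(const struct hdr *h, int remaining)
{
    return remaining >= HDRLEN &&
           h->len >= sizeof(struct hdr) && h->len <= (unsigned int)remaining;
}

/* Count the messages a check accepts in data[0..len). cap is the size of the
 * backing array and only keeps this demo inside its own memory. */
static int walk(const unsigned char *data, int len, int cap, ok_fn ok)
{
    int off = 0, remaining = len, count = 0;
    struct hdr h;
    while (off + HDRLEN <= cap) {
        memcpy(&h, data + off, sizeof(h));
        if (!ok(&h, remaining)) break;
        count++;
        off += (int)ALIGN4(h.len);        /* step to the aligned next header */
        remaining -= (int)ALIGN4(h.len);  /* 17 - 20 = -3 for the sample below */
    }
    return count;
}
/* Constructed input: one valid 17-byte message, then stale bytes at offset 20
 * of the same array that happen to look like a 16-byte header. */
static int demo(ok_fn ok)
{
    unsigned char backing[64] = {0};
    struct hdr first = { .len = 17 }, stale = { .len = 16 };
    memcpy(backing, &first, sizeof(first));
    memcpy(backing + 20, &stale, sizeof(stale));  /* outside the 17 valid bytes */
    return walk(backing, 17, (int)sizeof(backing), ok);
}
int main(void) { printf("before: %d, after: %d\n", demo(ok_before), demo(ok_after)); return 0; }
```

With the pre-fix check the walk accepts a second "message" that lies entirely outside the 17 bytes the caller handed in; with the signed comparison it stops after the first.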
In order for the interface to become more thread safe, the error
handling was revised to no longer depend on a static errno and
error string buffer.
This patch converts all error paths to return a libnl specific
error code which can be translated to an error message using
nl_geterror(int error). The functions nl_error() and
nl_get_errno() are therefore obsolete.
This change required various sets of function prototypes to be
changed in order to return an error code, the most prominent
are:
    struct nl_cache *foo_alloc_cache(...);
changed to:
    int foo_alloc_cache(..., struct nl_cache **);

    struct nl_msg *foo_build_request(...);
changed to:
    int foo_build_request(..., struct nl_msg **);

    struct foo *foo_parse(...);
changed to:
    int foo_parse(..., struct foo **);
This pretty much only leaves trivial allocation functions to
still return a pointer object which can still return NULL to
signal out of memory.
This change is a serious API and ABI breaker, sorry!
As pointed out by Regis Hanna, a considerable performance gain can be
achieved by using malloc() over calloc() when allocating netlink message
buffers. This is likely due to the fact that we use a complete page for
each message.
Patrick McHardy reported a problem where pointers to the
payload of a netlink message as returned by f.e. the
nesting helpers become stale when the payload data
chunk is reallocated.
In order to avoid further problems, the payload chunk is
no longer extended on the fly. Instead the allocation is
made during netlink message object allocation time with
a default size of a page which should be fine for the
majority of all users. Additionally the functions
nlmsg_alloc_size() and nlmsg_set_default_size() have been
added to allocate messages of a particular length and to
modify the default message size.