From 5b5cbaf1e54a9c0fb169465913c1250c560b487a Mon Sep 17 00:00:00 2001
From: Phil Sutter <psutter@redhat.com>
Date: Thu, 18 Feb 2016 14:07:42 +0100
Subject: [PATCH] libnetlink: don't confuse variables in rtnl_talk()
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1288042
Upstream Status: iproute2.git commit ed108cfc0260b
commit ed108cfc0260b6b751647982b77d6363b1defb15
Author: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Date: Thu Dec 3 17:13:48 2015 +0100
libnetlink: don't confuse variables in rtnl_talk()
There is two variables named 'len' in rtnl_talk. In fact, commit
c079e121a73a didn't work. For example, it was possible to trigger
a seg fault with this command:
$ ip link set gre2 type ip6gre hoplimit 32
Let's rename the argument len to maxlen.
Fixes: c079e121a73a ("libnetlink: add size argument to rtnl_talk")
Reported-by: Thomas Faivre <thomas.faivre@6wind.com>
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
---
lib/libnetlink.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/lib/libnetlink.c b/lib/libnetlink.c
index 97b79fd..b2a300e 100644
--- a/lib/libnetlink.c
+++ b/lib/libnetlink.c
@@ -311,7 +311,7 @@ int rtnl_dump_filter_nc(struct rtnl_handle *rth,
}
int rtnl_talk(struct rtnl_handle *rtnl, struct nlmsghdr *n,
- struct nlmsghdr *answer, size_t len)
+ struct nlmsghdr *answer, size_t maxlen)
{
int status;
unsigned seq;
@@ -394,7 +394,7 @@ int rtnl_talk(struct rtnl_handle *rtnl, struct nlmsghdr *n,
} else if (!err->error) {
if (answer)
memcpy(answer, h,
- MIN(len, h->nlmsg_len));
+ MIN(maxlen, h->nlmsg_len));
return 0;
}
@@ -406,7 +406,7 @@ int rtnl_talk(struct rtnl_handle *rtnl, struct nlmsghdr *n,
if (answer) {
memcpy(answer, h,
- MIN(len, h->nlmsg_len));
+ MIN(maxlen, h->nlmsg_len));
return 0;
}
--
1.8.3.1