From 5b5cbaf1e54a9c0fb169465913c1250c560b487a Mon Sep 17 00:00:00 2001
From: Phil Sutter
Date: Thu, 18 Feb 2016 14:07:42 +0100
Subject: [PATCH] libnetlink: don't confuse variables in rtnl_talk()
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1288042
Upstream Status: iproute2.git commit ed108cfc0260b
commit ed108cfc0260b6b751647982b77d6363b1defb15
Author: Nicolas Dichtel
Date: Thu Dec 3 17:13:48 2015 +0100
libnetlink: don't confuse variables in rtnl_talk()
There is two variables named 'len' in rtnl_talk. In fact, commit c079e121a73a didn't work. For example, it was possible to trigger a seg fault with this command:
$ ip link set gre2 type ip6gre hoplimit 32
Let's rename the argument len to maxlen.
Fixes: c079e121a73a ("libnetlink: add size argument to rtnl_talk")
Reported-by: Thomas Faivre
Signed-off-by: Nicolas Dichtel
---
 lib/libnetlink.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/lib/libnetlink.c b/lib/libnetlink.c
index 97b79fd..b2a300e 100644
--- a/lib/libnetlink.c
+++ b/lib/libnetlink.c
@@ -311,7 +311,7 @@ int rtnl_dump_filter_nc(struct rtnl_handle *rth,
 }
 int rtnl_talk(struct rtnl_handle *rtnl, struct nlmsghdr *n,
- struct nlmsghdr *answer, size_t len)
+ struct nlmsghdr *answer, size_t maxlen)
 {
 int status;
 unsigned seq;
@@ -394,7 +394,7 @@ int rtnl_talk(struct rtnl_handle *rtnl, struct nlmsghdr *n,
 } else if (!err->error) {
 if (answer)
 memcpy(answer, h,
- MIN(len, h->nlmsg_len));
+ MIN(maxlen, h->nlmsg_len));
 return 0;
 }
@@ -406,7 +406,7 @@ int rtnl_talk(struct rtnl_handle *rtnl, struct nlmsghdr *n,
 if (answer) {
 memcpy(answer, h,
- MIN(len, h->nlmsg_len));
+ MIN(maxlen, h->nlmsg_len));
 return 0;
 }
--
1.8.3.1
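Review bot: Both `memcpy(answer, h, MIN(maxlen, h->nlmsg_len))` calls, in the hunk at -394 (the `!err->error` branch) and in the hunk at -406, silently truncate a reply larger than `maxlen` and still return 0, while the copied header keeps the original `nlmsg_len`. A caller that later walks attributes using `answer->nlmsg_len` would presumably read past its own buffer; the callers are not visible in this patch, so that needs confirming. Consider rejecting an oversized reply before the copy, e.g. `if (answer && h->nlmsg_len > maxlen) return -1;`, or at least documenting above `rtnl_talk()` that `answer` may be truncated and its `nlmsg_len` must not be trusted beyond `maxlen`. According to the description the original bug was an inner `len` hiding the parameter, which is the kind of mistake building with `-Wshadow` reports. The body of `rtnl_talk()` begins and ends outside these hunks.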