common: Avoid integer overflow in nftnl_batch_is_supported()

time() may return -1 which is then assigned to an unsigned integer type
and used as sequence number. The following code increments that number
multiple times, so it may overflow and get libmnl confused. To avoid
this, fall back to a starting sequence number of zero in case the call
to time() failed.

Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/src/common.c b/src/common.c
index bf4176ceb76ebb08c82f7c794a439408cd5de20b..2189cc8a3e882a47aa27ece19d6d0de0213adc58 100644 (file)
--- a/src/common.c
+++ b/src/common.c
@@ -192,6 +192,9 @@ int nftnl_batch_is_supported(void)
        uint32_t seq = time(NULL), req_seq;
        int ret;
 
+       if (seq == (uint32_t)-1)
+               seq = 0;
+
        nl = mnl_socket_open(NETLINK_NETFILTER);
        if (nl == NULL)
                return -1;