From: Phil Sutter <phil@nwl.cc>
Date: Thu, 11 Aug 2016 23:33:37 +0000 (+0200)
Subject: common: Avoid integer overflow in nftnl_batch_is_supported()
X-Git-Tag: libnftnl-1.0.7~55
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d26feca2c9c19b650b5a7554b5a412ceca990b7a;p=thirdparty%2Flibnftnl.git

common: Avoid integer overflow in nftnl_batch_is_supported()

time() may return -1 which is then assigned to an unsigned integer type
and used as sequence number. The following code increments that number
multiple times, so it may overflow and get libmnl confused. To avoid
this, fall back to a starting sequence number of zero in case the call
to time() failed.

Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---

diff --git a/src/common.c b/src/common.c
index bf4176ce..2189cc8a 100644
--- a/src/common.c
+++ b/src/common.c
@@ -192,6 +192,9 @@ int nftnl_batch_is_supported(void)
 	uint32_t seq = time(NULL), req_seq;
 	int ret;
 
+	if (seq == (uint32_t)-1)
+		seq = 0;
+
 	nl = mnl_socket_open(NETLINK_NETFILTER);
 	if (nl == NULL)
 		return -1;