netlink: fix potential infinite loops

Fix potential infinite loops by checking the return code of
nl_send_auto_complete; if nl_send_auto_complete fails pending
will always have the value 1 as the finish callback will not
be called resulting into an infinite loop

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

1 files changed, 13 insertions, 6 deletions

diff --git a/src/netlink.c b/src/netlink.c
index 1a7534d..39f6245 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -655,14 +655,16 @@ ssize_t netlink_get_interface_addrs(int ifindex, bool v6, struct odhcpd_ipaddr *
 	nl_cb_set(cb, NL_CB_FINISH, NL_CB_CUSTOM, cb_addr_finish, &ctxt);
 	nl_cb_err(cb, NL_CB_CUSTOM, cb_addr_error, &ctxt);
 
-	nl_send_auto_complete(rtnl_socket, msg);
+	ctxt.ret = nl_send_auto_complete(rtnl_socket, msg);
+	if (ctxt.ret < 0)
+		goto free;
+
+	ctxt.ret = 0;
 	while (ctxt.pending > 0)
 		nl_recvmsgs(rtnl_socket, cb);
 
-	nlmsg_free(msg);
-
 	if (ctxt.ret <= 0)
-		goto out;
+		goto free;
 
 	time_t now = odhcpd_time();
 	struct odhcpd_ipaddr *addr = *addrs;
@@ -677,6 +679,8 @@ ssize_t netlink_get_interface_addrs(int ifindex, bool v6, struct odhcpd_ipaddr *
 			addr[i].valid += now;
 	}
 
+free:
+	nlmsg_free(msg);
 out:
 	nl_cb_put(cb);
 
@@ -778,12 +782,15 @@ int netlink_get_interface_proxy_neigh(int ifindex, const struct in6_addr *addr)
 	nl_cb_set(cb, NL_CB_FINISH, NL_CB_CUSTOM, cb_proxy_neigh_finish, &ctxt);
 	nl_cb_err(cb, NL_CB_CUSTOM, cb_proxy_neigh_error, &ctxt);
 
-	nl_send_auto_complete(rtnl_socket, msg);
+	ctxt.ret = nl_send_auto_complete(rtnl_socket, msg);
+	if (ctxt.ret < 0)
+		goto free;
+
 	while (ctxt.pending > 0)
 		nl_recvmsgs(rtnl_socket, cb);
 
+free:
 	nlmsg_free(msg);
-
 out:
 	nl_cb_put(cb);