summaryrefslogtreecommitdiffhomepage
path: root/src
diff options
context:
space:
mode:
authorHans Dedecker <dedeckeh@gmail.com>2019-09-23 22:06:00 +0200
committerHans Dedecker <dedeckeh@gmail.com>2019-10-01 22:31:14 +0200
commite76ad06d01d31fff4c482974138d2c4566e264cf (patch)
tree6529f958246a0da6e2538860831b68782ded833b /src
parent1d240094472c2a46096dc5a412ba4423a28b8ea3 (diff)
netlink: fix potential infinite loops
Fix potential infinite loops by checking the return code of nl_send_auto_complete; if nl_send_auto_complete fails pending will always have the value 1 as the finish callback will not be called resulting into an infinite loop Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Diffstat (limited to 'src')
-rw-r--r--src/netlink.c19
1 files changed, 13 insertions, 6 deletions
diff --git a/src/netlink.c b/src/netlink.c
index 1a7534d..39f6245 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -655,14 +655,16 @@ ssize_t netlink_get_interface_addrs(int ifindex, bool v6, struct odhcpd_ipaddr *
nl_cb_set(cb, NL_CB_FINISH, NL_CB_CUSTOM, cb_addr_finish, &ctxt);
nl_cb_err(cb, NL_CB_CUSTOM, cb_addr_error, &ctxt);
- nl_send_auto_complete(rtnl_socket, msg);
+ ctxt.ret = nl_send_auto_complete(rtnl_socket, msg);
+ if (ctxt.ret < 0)
+ goto free;
+
+ ctxt.ret = 0;
while (ctxt.pending > 0)
nl_recvmsgs(rtnl_socket, cb);
- nlmsg_free(msg);
-
if (ctxt.ret <= 0)
- goto out;
+ goto free;
time_t now = odhcpd_time();
struct odhcpd_ipaddr *addr = *addrs;
@@ -677,6 +679,8 @@ ssize_t netlink_get_interface_addrs(int ifindex, bool v6, struct odhcpd_ipaddr *
addr[i].valid += now;
}
+free:
+ nlmsg_free(msg);
out:
nl_cb_put(cb);
@@ -778,12 +782,15 @@ int netlink_get_interface_proxy_neigh(int ifindex, const struct in6_addr *addr)
nl_cb_set(cb, NL_CB_FINISH, NL_CB_CUSTOM, cb_proxy_neigh_finish, &ctxt);
nl_cb_err(cb, NL_CB_CUSTOM, cb_proxy_neigh_error, &ctxt);
- nl_send_auto_complete(rtnl_socket, msg);
+ ctxt.ret = nl_send_auto_complete(rtnl_socket, msg);
+ if (ctxt.ret < 0)
+ goto free;
+
while (ctxt.pending > 0)
nl_recvmsgs(rtnl_socket, cb);
+free:
nlmsg_free(msg);
-
out:
nl_cb_put(cb);