From e76ad06d01d31fff4c482974138d2c4566e264cf Mon Sep 17 00:00:00 2001
From: Hans Dedecker
Date: Mon, 23 Sep 2019 22:06:00 +0200
Subject: netlink: fix potential infinite loops

Fix potential infinite loops by checking the return code of nl_send_auto_complete; if nl_send_auto_complete fails pending will always have the value 1 as the finish callback will not be called resulting into an infinite loop

Signed-off-by: Hans Dedecker
---
 src/netlink.c | 19 +++++++++++++------
 1 file changed, 13 insertions(+), 6 deletions(-)

diff --git a/src/netlink.c b/src/netlink.c
index 1a7534d..39f6245 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -655,14 +655,16 @@ ssize_t netlink_get_interface_addrs(int ifindex, bool v6, struct odhcpd_ipaddr *
 nl_cb_set(cb, NL_CB_FINISH, NL_CB_CUSTOM, cb_addr_finish, &ctxt);
 nl_cb_err(cb, NL_CB_CUSTOM, cb_addr_error, &ctxt);

- nl_send_auto_complete(rtnl_socket, msg);
+ ctxt.ret = nl_send_auto_complete(rtnl_socket, msg);
+ if (ctxt.ret < 0)
+ goto free;
+
+ ctxt.ret = 0;
 while (ctxt.pending > 0)
 nl_recvmsgs(rtnl_socket, cb);

- nlmsg_free(msg);
-
 if (ctxt.ret <= 0)
- goto out;
+ goto free;

 time_t now = odhcpd_time();
 struct odhcpd_ipaddr *addr = *addrs;
@@ -677,6 +679,8 @@ ssize_t netlink_get_interface_addrs(int ifindex, bool v6, struct odhcpd_ipaddr *
 addr[i].valid += now;
 }

+free:
+ nlmsg_free(msg);
 out:
 nl_cb_put(cb);

@@ -778,12 +782,15 @@ int netlink_get_interface_proxy_neigh(int ifindex, const struct in6_addr *addr)
 nl_cb_set(cb, NL_CB_FINISH, NL_CB_CUSTOM, cb_proxy_neigh_finish, &ctxt);
 nl_cb_err(cb, NL_CB_CUSTOM, cb_proxy_neigh_error, &ctxt);

- nl_send_auto_complete(rtnl_socket, msg);
+ ctxt.ret = nl_send_auto_complete(rtnl_socket, msg);
+ if (ctxt.ret < 0)
+ goto free;
+
 while (ctxt.pending > 0)
 nl_recvmsgs(rtnl_socket, cb);

+free:
 nlmsg_free(msg);
-
 out:
 nl_cb_put(cb);

--
cgit v1.2.3
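Review bot: The `while (ctxt.pending > 0)` loop in the first netlink_get_interface_addrs hunk still discards the return value of nl_recvmsgs(), so a receive failure that reaches neither cb_addr_finish nor cb_addr_error would leave pending non-zero and the daemon spinning, which is the same hang this commit closes for the send path. Whether those callbacks run on every libnl receive error is not visible here, so the return code should be treated as the authoritative signal: give the loop a braced body containing `int err = nl_recvmsgs(rtnl_socket, cb);` and `if (err < 0) { ctxt.ret = err; break; }`. The identical loop in the netlink_get_interface_proxy_neigh hunk needs the same guard. Both function bodies start and end outside their hunks.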
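Review bot: In the netlink_get_interface_proxy_neigh hunk the successful result of nl_send_auto_complete() is left in ctxt.ret, whereas the netlink_get_interface_addrs hunk resets it with `ctxt.ret = 0;` before the receive loop. On success libnl returns the number of bytes sent, so unless cb_proxy_neigh_finish or cb_proxy_neigh_error always overwrite ret (their bodies are not visible here), the function would presumably hand a positive byte count back to callers, who could mistake it for a positive lookup result. Adding `ctxt.ret = 0;` after the `goto free;` check keeps the two functions consistent. The function body starts and ends outside the hunk.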