netlink: Fully clear parser state between messages
Failing to reset the cookie between messages can lead to an attempt to interpret a zeroed buffer as a struct nlattr, causing a length calculation to underflow, resulting in a memcpy() call where the length exceeds the actual size of the buffer. MFC after: 1 week PR: 283797 Reviewed by: glebius Differential Revision: https://reviews.freebsd.org/D51634
parent
4befc6711a
commit
a8d90e3213
1 changed files with 1 additions and 0 deletions
|
|
@ -308,6 +308,7 @@ static void
|
|||
npt_clear(struct nl_pstate *npt)
|
||||
{
|
||||
lb_clear(&npt->lb);
|
||||
npt->cookie = NULL;
|
||||
npt->error = 0;
|
||||
npt->err_msg = NULL;
|
||||
npt->err_off = 0;
|
||||
|
|
|
|||
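Review bot: Resetting `npt->cookie` in `npt_clear()` removes the stale pointer, but the code that later copies the cookie is outside this hunk and, going by the commit description, still computes a length from the attribute header without a lower bound, so any other path that leaves a zeroed or stale cookie would underflow the same way. A follow-up guard at that copy site would close this, rejecting an attribute whose `nla_len` is smaller than `sizeof(struct nlattr)` before any subtraction. A comment above the resets would also help, e.g. `/* Every per-message field must be reset here; stale state carries over to the next message. */`, so fields added to `struct nl_pstate` later are not missed. The page has lost its +/- markers, so the cookie line is assumed to be the added one based on the description, and `npt_clear()` continues past the end of the hunk.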