The nlmsg_ok macro has a comparison between an int and a size_t
(unsigned int). The C spec says the int is cast to unsigned int before
the comparison. This is a problem as the audit system will send skb's
with skb->len == nlhhdr->nlmsg_len which are NOT aligned. Thus you can
end up with remaining being negative. So the comparison becomes
(unsigned int)(-1) >= (unsigned int)16
Which turns out to be true! It should clearly be false. So if we cast
the size_t to an int we get a signed comparison and it works. (This is
what linux/netlink.h and all of the kernel netlink headers do)
Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: Thomas Graf <tgraf@suug.ch>
projects / libnl / commit