]> granicus.if.org Git - ipset/commit
projects / ipset / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 7dcaf66) | patch
netfilter: ipset: Check IPSET_ATTR_ETHER netlink attribute length
authorJozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Tue, 8 Mar 2016 19:29:10 +0000 (20:29 +0100)
committerJozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Tue, 8 Mar 2016 19:29:10 +0000 (20:29 +0100)
commit367e198805de5027da779ab86cebd4a2c69c75d8
tree16b0f5183b451b174696fee7b571e0a1274e5aa4tree | snapshot
parent7dcaf666bbc8290f8eb0eb3ec4dd0c5631020347commit | diff
netfilter: ipset: Check IPSET_ATTR_ETHER netlink attribute length

Julia Lawall pointed out that IPSET_ATTR_ETHER netlink attribute length
was not checked explicitly, just for the maximum possible size. Malicious
netlink clients could send shorter attribute and thus resulting a kernel
read after the buffer.

The patch adds the explicit length checkings.

Reported-by: Julia Lawall <julia.lawall@lip6.fr>
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
kernel/net/netfilter/ipset/ip_set_bitmap_ipmac.c diff | blob | history
kernel/net/netfilter/ipset/ip_set_hash_mac.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.