Check IPSET_ATTR_ETHER netlink attribute length in hash:ipmac too

The explicit length checking was missing, added.

Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>

diff --git a/kernel/net/netfilter/ipset/ip_set_hash_ipmac.c b/kernel/net/netfilter/ipset/ip_set_hash_ipmac.c
index aa99251a9cdb1aa850f23b737bbd49de29855946..d9eb144b01d624c4988a8393e1cd1fc5bf6456e9 100644 (file)
--- a/kernel/net/netfilter/ipset/ip_set_hash_ipmac.c
+++ b/kernel/net/netfilter/ipset/ip_set_hash_ipmac.c
@@ -123,6 +123,7 @@ hash_ipmac4_uadt(struct ip_set *set, struct nlattr *tb[],
 
        if (unlikely(!tb[IPSET_ATTR_IP] ||
                     !tb[IPSET_ATTR_ETHER] ||
+                    nla_len(tb[IPSET_ATTR_ETHER]) != ETH_ALEN ||
                     !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT) ||
                     !ip_set_optattr_netorder(tb, IPSET_ATTR_PACKETS) ||
                     !ip_set_optattr_netorder(tb, IPSET_ATTR_BYTES)   ||
@@ -241,6 +242,7 @@ hash_ipmac6_uadt(struct ip_set *set, struct nlattr *tb[],
 
        if (unlikely(!tb[IPSET_ATTR_IP] ||
                     !tb[IPSET_ATTR_ETHER] ||
+                    nla_len(tb[IPSET_ATTR_ETHER]) != ETH_ALEN ||
                     !ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT) ||
                     !ip_set_optattr_netorder(tb, IPSET_ATTR_PACKETS) ||
                     !ip_set_optattr_netorder(tb, IPSET_ATTR_BYTES)   ||