git.baikalelectronics.ru Git - kernel.git/commit

]> git.baikalelectronics.ru Git - kernel.git/commit

author	Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
	Tue, 8 Mar 2016 19:29:10 +0000 (20:29 +0100)
committer	Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
	Tue, 8 Mar 2016 19:36:17 +0000 (20:36 +0100)
commit	fff4416ff430147495ddc7aa68575337cdc4592a
tree	66fe7872cb80156e6e58e9b95978d6fb9a6f3063	tree \| snapshot
parent	7ea3fe60c404d0c80673de5236cc00f0fe7bed6c	commit \| diff

netfilter: ipset: Check IPSET_ATTR_ETHER netlink attribute length

Julia Lawall pointed out that IPSET_ATTR_ETHER netlink attribute length
was not checked explicitly, just for the maximum possible size. Malicious
netlink clients could send shorter attribute and thus resulting a kernel
read after the buffer.

The patch adds the explicit length checkings.

Reported-by: Julia Lawall <julia.lawall@lip6.fr>
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>

net/netfilter/ipset/ip_set_bitmap_ipmac.c		diff \| blob \| history
net/netfilter/ipset/ip_set_hash_mac.c		diff \| blob \| history

Linux Kernel Source Tree.

RSS Atom