diff options
author | Dan Carpenter <dan.carpenter@oracle.com> | 2014-11-10 17:11:21 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2014-11-11 13:46:37 +0100 |
commit | 2196937e12b1b4ba139806d132647e1651d655df (patch) | |
tree | 12561833de32e924c618449393fe0a4dc186af0a /net | |
parent | 6b96686ecffcbea85dcb502e4584e4a20a2bfb29 (diff) | |
download | linux-2196937e12b1b4ba139806d132647e1651d655df.tar.gz linux-2196937e12b1b4ba139806d132647e1651d655df.tar.bz2 linux-2196937e12b1b4ba139806d132647e1651d655df.zip |
netfilter: ipset: small potential read beyond the end of buffer
We could be reading 8 bytes into a 4 byte buffer here. It seems
harmless but adding a check is the right thing to do and it silences a
static checker warning.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net')
-rw-r--r-- | net/netfilter/ipset/ip_set_core.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c index 86f9d76b1464..d259da3ce67a 100644 --- a/net/netfilter/ipset/ip_set_core.c +++ b/net/netfilter/ipset/ip_set_core.c @@ -1863,6 +1863,12 @@ ip_set_sockfn_get(struct sock *sk, int optval, void __user *user, int *len) if (*op < IP_SET_OP_VERSION) { /* Check the version at the beginning of operations */ struct ip_set_req_version *req_version = data; + + if (*len < sizeof(struct ip_set_req_version)) { + ret = -EINVAL; + goto done; + } + if (req_version->version != IPSET_PROTOCOL) { ret = -EPROTO; goto done; |