On Tue, 21 Oct 2014, Dan Carpenter wrote: > The ->ip_set_list[] array is initialized in ip_set_net_init() and it > has ->ip_set_max elements so this check should be >= instead of > > otherwise we are off by one. > > Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx> > --- > I am not very familiar with this code, so please review cautiously. > This is an old bug which should go to -stable. > > diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c > index 912e5a0..86f9d76 100644 > --- a/net/netfilter/ipset/ip_set_core.c > +++ b/net/netfilter/ipset/ip_set_core.c > @@ -659,7 +659,7 @@ ip_set_nfnl_get_byindex(struct net *net, ip_set_id_t index) > struct ip_set *set; > struct ip_set_net *inst = ip_set_pernet(net); > > - if (index > inst->ip_set_max) > + if (index >= inst->ip_set_max) > return IPSET_INVALID_ID; > > nfnl_lock(NFNL_SUBSYS_IPSET); > Absolutely right and it should go to stable too! Acked-by: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx> Best regards, Jozsef - E-mail : kadlec@xxxxxxxxxxxxxxxxx, kadlecsik.jozsef@xxxxxxxxxxxxx PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences H-1525 Budapest 114, POB. 49, Hungary -- To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
