Re: [patch] netfilter: ipset: off by one in ip_set_nfnl_get_byindex()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, 21 Oct 2014, Dan Carpenter wrote:

> The ->ip_set_list[] array is initialized in ip_set_net_init() and it
> has ->ip_set_max elements so this check should be >= instead of >
> otherwise we are off by one.
> 
> Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
> ---
> I am not very familiar with this code, so please review cautiously.
> This is an old bug which should go to -stable.
> 
> diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c
> index 912e5a0..86f9d76 100644
> --- a/net/netfilter/ipset/ip_set_core.c
> +++ b/net/netfilter/ipset/ip_set_core.c
> @@ -659,7 +659,7 @@ ip_set_nfnl_get_byindex(struct net *net, ip_set_id_t index)
>  	struct ip_set *set;
>  	struct ip_set_net *inst = ip_set_pernet(net);
>  
> -	if (index > inst->ip_set_max)
> +	if (index >= inst->ip_set_max)
>  		return IPSET_INVALID_ID;
>  
>  	nfnl_lock(NFNL_SUBSYS_IPSET);
> 

Absolutely right and it should go to stable too!

Acked-by: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>

Best regards,
Jozsef
-
E-mail  : kadlec@xxxxxxxxxxxxxxxxx, kadlecsik.jozsef@xxxxxxxxxxxxx
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences
          H-1525 Budapest 114, POB. 49, Hungary
--
To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




[Index of Archives]     [Kernel Development]     [Kernel Announce]     [Kernel Newbies]     [Linux Networking Development]     [Share Photos]     [IDE]     [Security]     [Git]     [Netfilter]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Device Mapper]

  Powered by Linux