Re: [patch] netfilter: ipset: off by one in ip_set_nfnl_get_byindex()


 



On Tue, Oct 21, 2014 at 11:51:12AM +0200, Jozsef Kadlecsik wrote:
> On Tue, 21 Oct 2014, Dan Carpenter wrote:
> 
> > The ->ip_set_list[] array is initialized in ip_set_net_init() and it
> > has ->ip_set_max elements so this check should be >= instead of >
> > otherwise we are off by one.
> > 
> > Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
> > ---
> > I am not very familiar with this code, so please review cautiously.
> > This is an old bug which should go to -stable.
> > 
> > diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c
> > index 912e5a0..86f9d76 100644
> > --- a/net/netfilter/ipset/ip_set_core.c
> > +++ b/net/netfilter/ipset/ip_set_core.c
> > @@ -659,7 +659,7 @@ ip_set_nfnl_get_byindex(struct net *net, ip_set_id_t index)
> >  	struct ip_set *set;
> >  	struct ip_set_net *inst = ip_set_pernet(net);
> >  
> > -	if (index > inst->ip_set_max)
> > +	if (index >= inst->ip_set_max)
> >  		return IPSET_INVALID_ID;
> >  
> >  	nfnl_lock(NFNL_SUBSYS_IPSET);
> > 
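
Review bot: the corrected test `index >= inst->ip_set_max` still runs before nfnl_lock(NFNL_SUBSYS_IPSET) is taken, so if ip_set_max can change while that lock is held elsewhere, the bound is checked against a possibly stale value. Either move the check below the lock or confirm that ip_set_max stays fixed after ip_set_net_init(). The >= itself matches the description: an array of ip_set_max elements has valid indexes 0 to ip_set_max - 1, so index == ip_set_max must be rejected. Since the note under the --- asks for -stable, a Cc: stable tag in the commit message would carry that request with the commit.
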
> 
> Absolutely right and it should go to stable too!
> 
> Acked-by: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>

Applied, thanks.

My script says this applies cleanly to:

3.14.x
3.16.x
3.17.x

So I'll enqueue this for those.