On Mon, 10 Nov 2014, Pablo Neira Ayuso wrote: > On Fri, Nov 07, 2014 at 09:21:40AM +0300, Dan Carpenter wrote: > > We could be reading 8 bytes into a 4 byte buffer here. It seems > > harmless but adding a check is the right thing to do and it silences a > > static checker warning. > > > > Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx> > > > > diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c > > index 86f9d76..ac08a3f 100644 > > --- a/net/netfilter/ipset/ip_set_core.c > > +++ b/net/netfilter/ipset/ip_set_core.c > > @@ -1863,7 +1863,8 @@ ip_set_sockfn_get(struct sock *sk, int optval, void __user *user, int *len) > > if (*op < IP_SET_OP_VERSION) { > > /* Check the version at the beginning of operations */ > > struct ip_set_req_version *req_version = data; > > - if (req_version->version != IPSET_PROTOCOL) { > > + if (*len < sizeof(struct ip_set_req_version) || > > + req_version->version != IPSET_PROTOCOL) { > > ret = -EPROTO; > > goto done; > > Thanks for catching up this. > > >From other similar code in that location, I can see Jozsef is using > this pattern: > > if (*len != sizeof(struct ip_set_req_version)) { > ret = -EINVAL; > goto done; > } > > I think it would be good to stick to that for consistency. Thanks. Absolutely, yes. Acked-by: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx> Best regards, Jozsef - E-mail : kadlec@xxxxxxxxxxxxxxxxx, kadlecsik.jozsef@xxxxxxxxxxxxx PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences H-1525 Budapest 114, POB. 49, Hungary -- To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html