Re: [PATCH 1/2] netfilter: ipset: fix netiface set name overflow

Hi Florian,

On Thu, 22 Nov 2012, Florian Westphal wrote:

> attribute is copied to IFNAMSIZ-size stack variable,
> but IFNAMSIZ is smaller than IPSET_MAXNAMELEN.
> 
> Fortunately nfnetlink needs CAP_NET_ADMIN.

Good catch! Pablo, the patch should be applied to the -stable tree down to 
3.2.x.

Acked-by: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>

Best regards,
Jozsef 

> Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
> ---
>  net/netfilter/ipset/ip_set_hash_netiface.c |    2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)
> 
> diff --git a/net/netfilter/ipset/ip_set_hash_netiface.c b/net/netfilter/ipset/ip_set_hash_netiface.c
> index b9a6338..45a1014 100644
> --- a/net/netfilter/ipset/ip_set_hash_netiface.c
> +++ b/net/netfilter/ipset/ip_set_hash_netiface.c
> @@ -793,7 +793,7 @@ static struct ip_set_type hash_netiface_type __read_mostly = {
>  		[IPSET_ATTR_IP]		= { .type = NLA_NESTED },
>  		[IPSET_ATTR_IP_TO]	= { .type = NLA_NESTED },
>  		[IPSET_ATTR_IFACE]	= { .type = NLA_NUL_STRING,
> -					    .len = IPSET_MAXNAMELEN - 1 },
> +					    .len  = IFNAMSIZ - 1 },
>  		[IPSET_ATTR_CADT_FLAGS]	= { .type = NLA_U32 },
>  		[IPSET_ATTR_CIDR]	= { .type = NLA_U8 },
>  		[IPSET_ATTR_TIMEOUT]	= { .type = NLA_U32 },
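
Review bot: the `.len` line of the IPSET_ATTR_IFACE entry needs a short comment saying the limit has to match the IFNAMSIZ-size stack variable the commit message mentions, because that copy is not visible in this hunk and nothing here stops a later edit from raising the bound back to `IPSET_MAXNAMELEN - 1`. Naming the function that does the copy in the commit message would also help stable backporters check their trees. Separately, the added line has two spaces before `=` (`.len  = IFNAMSIZ - 1`), while the removed line and the `.type = NLA_NUL_STRING` line above use one; a single space keeps the initializer consistent.
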
> -- 
> 1.7.8.6
> 
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> 

-
E-mail  : kadlec@xxxxxxxxxxxxxxxxx, kadlecsik.jozsef@xxxxxxxxxxxxx
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences
          H-1525 Budapest 114, POB. 49, Hungary