Eric Dumazet <eric.dumazet@xxxxxxxxx> wrote:
> From: Eric Dumazet <edumazet@xxxxxxxxxx>
>
> syzbot found that we are not validating user input properly
> before copying 16 bytes [1].
> Using NLA_BINARY in ipaddr_policy[] for IPv6 address is not correct,
> since it ensures at most 16 bytes were provided.

Thanks Eric.

Looks like this is the only case in ipset, the other 3 NLA_BINARY
users do a nla_len(tb[IPSET_ATTR_ETHER]) != ETH_ALEN)) before copying.
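Added example, not part of the original thread and not kernel code: a simplified userspace model of the difference between an "at most 16 bytes" policy (what NLA_BINARY enforces) and an exact-length check before a fixed 16-byte copy. The names `struct attr`, `validate_binary_max`, `validate_exact_len` and `copy_ip6` are hypothetical, and the sample attribute is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ATTR_HDRLEN 4   /* attribute header: u16 len + u16 type */
#define IP6_LEN     16  /* size of an IPv6 address */

/* Simplified model of a netlink attribute (hypothetical type). */
struct attr {
    uint16_t len;               /* header + payload, as claimed by the sender */
    uint16_t type;
    uint8_t  payload[IP6_LEN];  /* fixed buffer so the model never overreads */
};

static size_t attr_payload_len(const struct attr *a)
{
    return (size_t)a->len - ATTR_HDRLEN;
}

/* Models the NLA_BINARY policy: any payload of up to max bytes is accepted. */
static int validate_binary_max(const struct attr *a, size_t max)
{
    return a->len >= ATTR_HDRLEN && attr_payload_len(a) <= max;
}

/* Exact-length check: the payload must be exactly want bytes long. */
static int validate_exact_len(const struct attr *a, size_t want)
{
    return a->len >= ATTR_HDRLEN && attr_payload_len(a) == want;
}

/* Copies 16 bytes if the chosen validator accepts the attribute. Returns the
 * number of copied bytes the sender never supplied (0 is safe), -1 if rejected. */
static int copy_ip6(uint8_t dst[IP6_LEN], const struct attr *a, int exact)
{
    int ok = exact ? validate_exact_len(a, IP6_LEN)
                   : validate_binary_max(a, IP6_LEN);
    if (!ok)
        return -1;
    memcpy(dst, a->payload, IP6_LEN);  /* the copy is always 16 bytes */
    return (int)(IP6_LEN - attr_payload_len(a));
}

int main(void)
{
    /* Constructed sample: only 4 payload bytes where 16 are expected. */
    struct attr short_attr = { ATTR_HDRLEN + 4, 1, { 0x20, 0x01, 0x0d, 0xb8 } };
    uint8_t dst[IP6_LEN];
    printf("max-only: %d, exact: %d\n", copy_ip6(dst, &short_attr, 0), copy_ip6(dst, &short_attr, 1));
    return 0;
}
```

In the model the 12 unsupplied bytes come from a zeroed buffer; in the situation the thread describes, the bytes past the attribute's real payload are whatever follows it in memory.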