On Thu, Nov 14, 2024 at 12:46:29PM +0100, Jozsef Kadlecsik wrote:
> On Thu, 14 Nov 2024, Pablo Neira Ayuso wrote:
>
> > On Thu, Nov 14, 2024 at 12:10:05PM +0100, Paolo Abeni wrote:
> > > On 11/13/24 14:02, Jeongjun Park wrote:
> > > > When tb[IPSET_ATTR_IP_TO] is not present but tb[IPSET_ATTR_CIDR] exists,
> > > > the values of ip and ip_to are slightly swapped. Therefore, the range check
> > > > for ip should be done later, but this part is missing and it seems that the
> > > > vulnerability occurs.
> > > >
> > > > So we should add missing range checks and remove unnecessary range checks.
> > > >
> > > > Cc: <stable@xxxxxxxxxxxxxxx>
> > > > Reported-by: syzbot+58c872f7790a4d2ac951@xxxxxxxxxxxxxxxxxxxxxxxxx
> > > > Fixes: 72205fc68bd1 ("netfilter: ipset: bitmap:ip set type support")
> > > > Signed-off-by: Jeongjun Park <aha310510@xxxxxxxxx>
> > >
> > > @Pablo, @Jozsef: despite the subj prefix, I guess this should go via
> > > your tree. Please LMK if you prefer otherwise.
> >
> > Patch LGTM. I am waiting for Jozsef to acknowledge this fix.
>
> Sorry for the delay at acking the patch. Please apply it to the stable
> branches too because those are affected as well.
No problem, preparing PR. Thanks Jozsef.
