Re: [PATCH 1/6] netfilter: ipset: off by one in ip_set_nfnl_get_byindex()

Hi Pablo,

On Tue, Nov 04, 2014 at 07:02:27PM +0100, Pablo Neira Ayuso wrote:
> From: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
> 
> [ upstream commit 6ecc71202d3a817d7eee44be9f98abc0dcface93 ]
> 
> The ->ip_set_list[] array is initialized in ip_set_net_init() and it
> has ->ip_set_max elements so this check should be >= instead of >
> otherwise we are off by one.
> 
> Cc: <stable@xxxxxxxxxxxxxxx> # 3.14.x
> Cc: <stable@xxxxxxxxxxxxxxx> # 3.16.x
> Cc: <stable@xxxxxxxxxxxxxxx> # 3.17.x
> Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
> Acked-by: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
> Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
> ---
>  net/netfilter/ipset/ip_set_core.c |    2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c
> index 912e5a0..86f9d76 100644
> --- a/net/netfilter/ipset/ip_set_core.c
> +++ b/net/netfilter/ipset/ip_set_core.c
> @@ -659,7 +659,7 @@ ip_set_nfnl_get_byindex(struct net *net, ip_set_id_t index)
>  	struct ip_set *set;
>  	struct ip_set_net *inst = ip_set_pernet(net);
>  
> -	if (index > inst->ip_set_max)
> +	if (index >= inst->ip_set_max)
>  		return IPSET_INVALID_ID;
>  
>  	nfnl_lock(NFNL_SUBSYS_IPSET);
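
Review bot: the bounds check at the top of ip_set_nfnl_get_byindex() reads inst->ip_set_max before nfnl_lock(NFNL_SUBSYS_IPSET) is taken, so if ip_set_max can be changed by a writer holding that lock, the index is compared against a possibly stale limit; consider moving the check below nfnl_lock(), or say in the changelog why the unlocked read is safe. The >= itself agrees with the changelog: an array of ip_set_max elements has valid indices 0 through ip_set_max - 1, and it would help to state there that the old > let index == ip_set_max pass the check.
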
> -- 
> 1.7.10.4
> 
> --
> To unsubscribe from this list: send the line "unsubscribe stable" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at  http://vger.kernel.org/majordomo-info.html

I believe you have the SHA1s wrong, they should be:

0f9f5e1b83abd2b37c67658e02a6fc9001831fa5 netfilter: ipset: off by one in ip_set_nfnl_get_byindex()
c123bb7163043bb8f33858cf8e45b01c17dbd171 netfilter: nf_tables: check for NULL in nf_tables_newchain pcpu stats allocation
9dfa1dfe4d5e5e66a991321ab08afe69759d797a netfilter: nf_log: account for size of NLMSG_DONE attribute
c1e7dc91eed0ed1a51c9b814d648db18bf8fc6e9 netfilter: nfnetlink_log: fix maximum packet length logged to userspace
b51d3fa364885a2c1e1668f88776c67c95291820 netfilter: nf_log: release skbuff on nlmsg put failure
7965ee93719921ea5978f331da653dfa2d7b99f5 netfilter: nft_compat: fix wrong target lookup in nft_target_select_ops()

Assuming these are the correct ones, I'm queuing them for the 3.16
kernel.  Thanks!

Cheers,
--
Luís