On 11/13/24 14:02, Jeongjun Park wrote:
> When tb[IPSET_ATTR_IP_TO] is not present but tb[IPSET_ATTR_CIDR] exists,
> the values of ip and ip_to are slightly swapped. Therefore, the range check
> for ip should be done later, but this part is missing and it seems that the
> vulnerability occurs.
>
> So we should add missing range checks and remove unnecessary range checks.
>
> Cc: <stable@xxxxxxxxxxxxxxx>
> Reported-by: syzbot+58c872f7790a4d2ac951@xxxxxxxxxxxxxxxxxxxxxxxxx
> Fixes: 72205fc68bd1 ("netfilter: ipset: bitmap:ip set type support")
> Signed-off-by: Jeongjun Park <aha310510@xxxxxxxxx>
@Pablo, @Jozsef: despite the subj prefix, I guess this should go via
your tree. Please LMK if you prefer otherwise.
Cheers,
Paolo
