Re: [PATCH] netfilter: ipset: small potential read beyond the end of buffer

Ben Hutchings <ben@xxxxxxxxxxxxxxx> · Wed, 11 Feb 2015 02:28:06 +0000

On Thu, 2015-01-15 at 13:22 +0100, Pablo Neira Ayuso wrote:
> From: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
> 
> [ upstream commit 2196937e12b1b4ba139806d132647e1651d655df ]
> 
> We could be reading 8 bytes into a 4 byte buffer here.  It seems
> harmless but adding a check is the right thing to do and it silences a
> static checker warning.
> 
> Cc: <stable@xxxxxxxxxxxxxxx> # 3.2.x
> Cc: <stable@xxxxxxxxxxxxxxx> # 3.4.x
> Cc: <stable@xxxxxxxxxxxxxxx> # 3.10.x
> Cc: <stable@xxxxxxxxxxxxxxx> # 3.12.x
> Cc: <stable@xxxxxxxxxxxxxxx> # 3.14.x
> Cc: <stable@xxxxxxxxxxxxxxx> # 3.16.x
> Cc: <stable@xxxxxxxxxxxxxxx> # 3.17.x
> Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
> Acked-by: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
> Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[...]

Queued up for 3.2, thanks.

Ben.

-- 
Ben Hutchings
When in doubt, use brute force. - Ken Thompson
Attachment:
signature.asc

Description: This is a digitally signed message part