Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 13c6ba1f authored by Jozsef Kadlecsik's avatar Jozsef Kadlecsik
Browse files

netfilter: ipset: Fix the last missing check of nla_parse_deprecated() 



In dump_init() the outdated comment was incorrect and we had a missing
validation check of nla_parse_deprecated().

Signed-off-by: default avatarJozsef Kadlecsik <kadlec@blackhole.kfki.hu>
parent f4f5748b

net/netfilter/ipset/ip_set_core.c

+6 −4
Original line number Diff line number Diff line
@@ -1293,11 +1293,13 @@ dump_init(struct netlink_callback *cb, struct ip_set_net *inst) 
	struct nlattr *attr = (void *)nlh + min_len;

	u32 dump_type;

	ip_set_id_t index;

	int ret;



	/* Second pass, so parser can't fail */

	nla_parse_deprecated(cda, IPSET_ATTR_CMD_MAX, attr,

			     nlh->nlmsg_len - min_len, ip_set_setname_policy,

			     NULL);

	ret = nla_parse_deprecated(cda, IPSET_ATTR_CMD_MAX, attr,

				   nlh->nlmsg_len - min_len,

				   ip_set_setname_policy, NULL);

	if (ret)

		return ret;



	cb->args[IPSET_CB_PROTO] = nla_get_u8(cda[IPSET_ATTR_PROTOCOL]);

	if (cda[IPSET_ATTR_SETNAME]) {