Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 2196937e authored by Dan Carpenter's avatar Dan Carpenter Committed by Pablo Neira Ayuso
Browse files

netfilter: ipset: small potential read beyond the end of buffer 



We could be reading 8 bytes into a 4 byte buffer here.  It seems
harmless but adding a check is the right thing to do and it silences a
static checker warning.

Signed-off-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
Acked-by: default avatarJozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent 6b96686e

net/netfilter/ipset/ip_set_core.c

+6 −0
Original line number Original line Diff line number Diff line
@@ -1863,6 +1863,12 @@ ip_set_sockfn_get(struct sock *sk, int optval, void __user *user, int *len) 
	if (*op < IP_SET_OP_VERSION) {

	if (*op < IP_SET_OP_VERSION) {

		/* Check the version at the beginning of operations */

		/* Check the version at the beginning of operations */

		struct ip_set_req_version *req_version = data;

		struct ip_set_req_version *req_version = data;



		if (*len < sizeof(struct ip_set_req_version)) {

			ret = -EINVAL;

			goto done;

		}



		if (req_version->version != IPSET_PROTOCOL) {

		if (req_version->version != IPSET_PROTOCOL) {

			ret = -EPROTO;

			ret = -EPROTO;

			goto done;

			goto done;