diff options
author | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2016-03-08 20:29:10 +0100 |
---|---|---|
committer | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2016-03-08 20:36:17 +0100 |
commit | d8aacd87180141ff6b812b53de77a4336e87c91a (patch) | |
tree | 66fe7872cb80156e6e58e9b95978d6fb9a6f3063 /crypto/aead.c | |
parent | 45040978c8994d1401baf5cc5ac71c1495d4e120 (diff) |
netfilter: ipset: Check IPSET_ATTR_ETHER netlink attribute length
Julia Lawall pointed out that IPSET_ATTR_ETHER netlink attribute length
was not checked explicitly, just for the maximum possible size. Malicious
netlink clients could send shorter attribute and thus resulting a kernel
read after the buffer.
The patch adds the explicit length checkings.
Reported-by: Julia Lawall <julia.lawall@lip6.fr>
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Diffstat (limited to 'crypto/aead.c')
0 files changed, 0 insertions, 0 deletions