netfilter: ipset: Check for comment netlink attribute length

Ensure userspace supplies string not longer than IPSET_MAX_COMMENT_SIZE. Signed-off-by: Sergey Popovich <popovich_sergei@mail.ua> Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Sergey Popovich <popovich_sergei@mail.ua> 2015-05-02 19:28:16 +0200
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2015-05-13 13:25:47 +0200
commit: 037261866c8dd164c426580160973eb2d68f688c (patch)
tree: f3a6c97734ebde8232d01ac6fde95fa5bb51f3a2 /net/netfilter/ipset/ip_set_bitmap_port.c
parent: 728a7e6903af6f901eeff9a2d9ffb06d55e9b1e4 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/net/netfilter/ipset/ip_set_bitmap_port.c b/net/netfilter/ipset/ip_set_bitmap_port.c
index 005dd36444c3..898edb693b3f 100644
--- a/net/netfilter/ipset/ip_set_bitmap_port.c
+++ b/net/netfilter/ipset/ip_set_bitmap_port.c
@@ -294,7 +294,8 @@ static struct ip_set_type bitmap_port_type = {
 		[IPSET_ATTR_LINENO]	= { .type = NLA_U32 },
 		[IPSET_ATTR_BYTES]	= { .type = NLA_U64 },
 		[IPSET_ATTR_PACKETS]	= { .type = NLA_U64 },
-		[IPSET_ATTR_COMMENT]	= { .type = NLA_NUL_STRING },
+		[IPSET_ATTR_COMMENT]	= { .type = NLA_NUL_STRING,
+					    .len  = IPSET_MAX_COMMENT_SIZE },
 		[IPSET_ATTR_SKBMARK]	= { .type = NLA_U64 },
 		[IPSET_ATTR_SKBPRIO]	= { .type = NLA_U32 },
 		[IPSET_ATTR_SKBQUEUE]	= { .type = NLA_U16 },
author	Sergey Popovich <popovich_sergei@mail.ua>	2015-05-02 19:28:16 +0200
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2015-05-13 13:25:47 +0200
commit	037261866c8dd164c426580160973eb2d68f688c (patch)
tree	f3a6c97734ebde8232d01ac6fde95fa5bb51f3a2 /net/netfilter/ipset/ip_set_bitmap_port.c
parent	728a7e6903af6f901eeff9a2d9ffb06d55e9b1e4 (diff)