netfilter: ipset: small potential read beyond the end of buffer
commit 2196937e12b1b4ba139806d132647e1651d655df upstream. We could be reading 8 bytes into a 4 byte buffer here. It seems harmless but adding a check is the right thing to do and it silences a static checker warning. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Acked-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
parent
34a322c73a
commit
fcdba992c2
|
@ -1754,6 +1754,12 @@ ip_set_sockfn_get(struct sock *sk, int optval, void __user *user, int *len)
|
|||
if (*op < IP_SET_OP_VERSION) {
|
||||
/* Check the version at the beginning of operations */
|
||||
struct ip_set_req_version *req_version = data;
|
||||
|
||||
if (*len < sizeof(struct ip_set_req_version)) {
|
||||
ret = -EINVAL;
|
||||
goto done;
|
||||
}
|
||||
|
||||
if (req_version->version != IPSET_PROTOCOL) {
|
||||
ret = -EPROTO;
|
||||
goto done;
|
||||
|
|
Loading…
Reference in New Issue