Home Explore Help
Register Sign In
phyus
/
linux-vybrid_public
8
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

netfilter: ipset: fix netiface set name overflow

attribute is copied to IFNAMSIZ-size stack variable,
but IFNAMSIZ is smaller than IPSET_MAXNAMELEN.

Fortunately nfnetlink needs CAP_NET_ADMIN.

Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Florian Westphal 12 years ago
parent
194d9831f0
commit
4a6dd664eb
1 changed files with 1 additions and 1 deletions
Split View Show Diff Stats
  1. 1 1
      net/netfilter/ipset/ip_set_hash_netiface.c

+ 1 - 1
net/netfilter/ipset/ip_set_hash_netiface.c
View File 

@@ -793,7 +793,7 @@ static struct ip_set_type hash_netiface_type __read_mostly = {
 
 		[IPSET_ATTR_IP]		= { .type = NLA_NESTED },
 
 		[IPSET_ATTR_IP_TO]	= { .type = NLA_NESTED },
 
 		[IPSET_ATTR_IFACE]	= { .type = NLA_NUL_STRING,
 
-					    .len = IPSET_MAXNAMELEN - 1 },
 
+					    .len  = IFNAMSIZ - 1 },
 
 		[IPSET_ATTR_CADT_FLAGS]	= { .type = NLA_U32 },
 
 		[IPSET_ATTR_CIDR]	= { .type = NLA_U8 },
 
 		[IPSET_ATTR_TIMEOUT]	= { .type = NLA_U32 },