path: root/include
diff options
authorJozsef Kadlecsik <>2016-03-08 20:29:10 +0100
committerJozsef Kadlecsik <>2016-03-08 20:29:10 +0100
commit367e198805de5027da779ab86cebd4a2c69c75d8 (patch)
tree16b0f5183b451b174696fee7b571e0a1274e5aa4 /include
parent7dcaf666bbc8290f8eb0eb3ec4dd0c5631020347 (diff)
netfilter: ipset: Check IPSET_ATTR_ETHER netlink attribute length
Julia Lawall pointed out that IPSET_ATTR_ETHER netlink attribute length was not checked explicitly, just for the maximum possible size. Malicious netlink clients could send shorter attribute and thus resulting a kernel read after the buffer. The patch adds the explicit length checkings. Reported-by: Julia Lawall <> Signed-off-by: Jozsef Kadlecsik <>
Diffstat (limited to 'include')
0 files changed, 0 insertions, 0 deletions