netfilter: ipset: Check for comment netlink attribute length

Ensure userspace supplies string not longer than IPSET_MAX_COMMENT_SIZE. Signed-off-by: Sergey Popovich <popovich_sergei@mail.ua> Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
author: Sergey Popovich <popovich_sergei@mail.ua> 2015-01-20 14:03:19 +0200
committer: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> 2015-03-23 19:17:22 +0100
commit: ae578386d16ed9868cf77e06ec83c491c7eb630b (patch)
tree: fe53150f9fb6b505ce94f787d45fe2523a805ca6 /kernel/net/netfilter/ipset/ip_set_hash_netportnet.c
parent: 4d59a90b5abaebb90087dc5e153222bc3372b5b7 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/kernel/net/netfilter/ipset/ip_set_hash_netportnet.c b/kernel/net/netfilter/ipset/ip_set_hash_netportnet.c
index 7dce7f9..0c68734 100644
--- a/kernel/net/netfilter/ipset/ip_set_hash_netportnet.c
+++ b/kernel/net/netfilter/ipset/ip_set_hash_netportnet.c
@@ -569,7 +569,8 @@ static struct ip_set_type hash_netportnet_type __read_mostly = {
 		[IPSET_ATTR_LINENO]	= { .type = NLA_U32 },
 		[IPSET_ATTR_BYTES]	= { .type = NLA_U64 },
 		[IPSET_ATTR_PACKETS]	= { .type = NLA_U64 },
-		[IPSET_ATTR_COMMENT]	= { .type = NLA_NUL_STRING },
+		[IPSET_ATTR_COMMENT]	= { .type = NLA_NUL_STRING,
+					    .len  = IPSET_MAX_COMMENT_SIZE },
 		[IPSET_ATTR_SKBMARK]	= { .type = NLA_U64 },
 		[IPSET_ATTR_SKBPRIO]	= { .type = NLA_U32 },
 		[IPSET_ATTR_SKBQUEUE]	= { .type = NLA_U16 },
author	Sergey Popovich <popovich_sergei@mail.ua>	2015-01-20 14:03:19 +0200
committer	Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>	2015-03-23 19:17:22 +0100
commit	ae578386d16ed9868cf77e06ec83c491c7eb630b (patch)
tree	fe53150f9fb6b505ce94f787d45fe2523a805ca6 /kernel/net/netfilter/ipset/ip_set_hash_netportnet.c
parent	4d59a90b5abaebb90087dc5e153222bc3372b5b7 (diff)