Patchwork [1/2] netfilter: ipset: fix netiface set name overflow

Submitter Florian Westphal
Date Nov. 22, 2012, 11:32 a.m.
Message ID <1353583966-12402-1-git-send-email-fw@strlen.de>
Permalink /patch/201169/
State Accepted

Comments

Florian Westphal - Nov. 22, 2012, 11:32 a.m.
attribute is copied to IFNAMSIZ-size stack variable,
but IFNAMSIZ is smaller than IPSET_MAXNAMELEN.

Fortunately nfnetlink needs CAP_NET_ADMIN.

Signed-off-by: Florian Westphal <fw@strlen.de>
---
 net/netfilter/ipset/ip_set_hash_netiface.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)
Jozsef Kadlecsik - Nov. 22, 2012, 8:42 p.m.
Hi Florian,

On Thu, 22 Nov 2012, Florian Westphal wrote:

> attribute is copied to IFNAMSIZ-size stack variable,
> but IFNAMSIZ is smaller than IPSET_MAXNAMELEN.
> 
> Fortunately nfnetlink needs CAP_NET_ADMIN.

Good catch! Pablo, the patch should be applied to the -stable tree down to 
3.2.x.

Acked-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>

Best regards,
Jozsef 

> Signed-off-by: Florian Westphal <fw@strlen.de>
> ---
>  net/netfilter/ipset/ip_set_hash_netiface.c |    2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)
> 
> diff --git a/net/netfilter/ipset/ip_set_hash_netiface.c b/net/netfilter/ipset/ip_set_hash_netiface.c
> index b9a6338..45a1014 100644
> --- a/net/netfilter/ipset/ip_set_hash_netiface.c
> +++ b/net/netfilter/ipset/ip_set_hash_netiface.c
> @@ -793,7 +793,7 @@ static struct ip_set_type hash_netiface_type __read_mostly = {
>  		[IPSET_ATTR_IP]		= { .type = NLA_NESTED },
>  		[IPSET_ATTR_IP_TO]	= { .type = NLA_NESTED },
>  		[IPSET_ATTR_IFACE]	= { .type = NLA_NUL_STRING,
> -					    .len = IPSET_MAXNAMELEN - 1 },
> +					    .len  = IFNAMSIZ - 1 },
>  		[IPSET_ATTR_CADT_FLAGS]	= { .type = NLA_U32 },
>  		[IPSET_ATTR_CIDR]	= { .type = NLA_U8 },
>  		[IPSET_ATTR_TIMEOUT]	= { .type = NLA_U32 },
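Review bot: the added line `.len  = IFNAMSIZ - 1 },` has two spaces before `=`, while the line it replaces and the neighbouring `.type = ...` initializers use one. Suggest `.len = IFNAMSIZ - 1 },` so the entry stays consistent with the rest of the policy table.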
> -- 
> 1.7.8.6
> 
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> 

-
E-mail  : kadlec@blackhole.kfki.hu, kadlecsik.jozsef@wigner.mta.hu
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences
          H-1525 Budapest 114, POB. 49, Hungary
Pablo Neira - Nov. 24, 2012, 11:02 p.m.
On Thu, Nov 22, 2012 at 12:32:45PM +0100, Florian Westphal wrote:
> attribute is copied to IFNAMSIZ-size stack variable,
> but IFNAMSIZ is smaller than IPSET_MAXNAMELEN.
> 
> Fortunately nfnetlink needs CAP_NET_ADMIN.

Good. Applied, thanks Florian.
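
The mismatch the commit message describes, as an added example that is not part of the original thread or the kernel source: a simplified userspace model of a NUL-string length policy feeding an IFNAMSIZ-size buffer, run with the old and the new limit. `struct nul_string_policy`, `policy_accepts`, `parse_iface` and the sample name are hypothetical and exist only for this illustration.

```c
#include <stdio.h>
#include <string.h>

/* Same values as the Linux headers, redefined so this builds in userspace. */
#define IFNAMSIZ         16
#define IPSET_MAXNAMELEN 32

/* Hypothetical stand-in for one NLA_NUL_STRING policy entry. */
struct nul_string_policy { size_t len; };  /* max string length, NUL excluded */

static const struct nul_string_policy iface_before = { IPSET_MAXNAMELEN - 1 };
static const struct nul_string_policy iface_after  = { IFNAMSIZ - 1 };

/* Constructed sample input: a 20-character name, too long for IFNAMSIZ. */
static const char sample_long[] = "constructed-name-20c";

/* Simplified model of the policy check: a NUL must appear within the
 * first len + 1 bytes of the payload. */
static int policy_accepts(const struct nul_string_policy *p,
                          const char *payload, size_t payload_len)
{
    size_t scan = payload_len < p->len + 1 ? payload_len : p->len + 1;
    return scan != 0 && memchr(payload, '\0', scan) != NULL;
}

/* 0 = copied, -1 = rejected by policy, -2 = policy accepted a string
 * that does not fit the IFNAMSIZ destination (the mismatch in the patch). */
static int parse_iface(const struct nul_string_policy *p,
                       const char *payload, size_t payload_len,
                       char dst[IFNAMSIZ])
{
    size_t n;

    if (!policy_accepts(p, payload, payload_len))
        return -1;
    n = strlen(payload);
    if (n >= IFNAMSIZ)
        return -2;          /* bounded copy refuses instead of overflowing */
    memcpy(dst, payload, n + 1);
    return 0;
}

int main(void)
{
    char dst[IFNAMSIZ];

    printf("before: %d\n", parse_iface(&iface_before, sample_long, sizeof(sample_long), dst));
    printf("after:  %d\n", parse_iface(&iface_after, sample_long, sizeof(sample_long), dst));
    return 0;
}
```

With the old limit the policy passes the long name on to the copy, which only the extra destination check stops; with the new limit the policy itself rejects it.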

Patch

diff --git a/net/netfilter/ipset/ip_set_hash_netiface.c b/net/netfilter/ipset/ip_set_hash_netiface.c
index b9a6338..45a1014 100644
--- a/net/netfilter/ipset/ip_set_hash_netiface.c
+++ b/net/netfilter/ipset/ip_set_hash_netiface.c
@@ -793,7 +793,7 @@  static struct ip_set_type hash_netiface_type __read_mostly = {
 		[IPSET_ATTR_IP]		= { .type = NLA_NESTED },
 		[IPSET_ATTR_IP_TO]	= { .type = NLA_NESTED },
 		[IPSET_ATTR_IFACE]	= { .type = NLA_NUL_STRING,
-					    .len = IPSET_MAXNAMELEN - 1 },
+					    .len  = IFNAMSIZ - 1 },
 		[IPSET_ATTR_CADT_FLAGS]	= { .type = NLA_U32 },
 		[IPSET_ATTR_CIDR]	= { .type = NLA_U8 },
 		[IPSET_ATTR_TIMEOUT]	= { .type = NLA_U32 },
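
Review bot: the new `IFNAMSIZ - 1` bound on `IPSET_ATTR_IFACE` protects the copy only indirectly, because the copy into the IFNAMSIZ-size stack variable that the commit message refers to is outside this hunk and stays as it was. Consider also bounding that copy by the size of its destination, or at least adding a comment on this policy entry saying the limit must match the destination buffer, so a later change to either side cannot reintroduce the overflow. The commit message would also be easier to use for the -stable backport if it named the function that performs the copy.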