Message ID | 1468406694-16006-2-git-send-email-luis.henriques@canonical.com |
---|---|
State | New |
Headers | show |
diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c index c30aa9675a02..2e94272f7f85 100644 --- a/net/netfilter/x_tables.c +++ b/net/netfilter/x_tables.c @@ -898,9 +898,6 @@ struct xt_table_info *xt_alloc_table_info(unsigned int size) struct xt_table_info *info = NULL; size_t sz = sizeof(*info) + size; - if (sz < size || sz < sizeof(*info)) - return NULL; - /* Pedantry: prevent them from hitting BUG() in vmalloc.c --RR */ if ((SMP_ALIGN(size) >> PAGE_SHIFT) + 2 > totalram_pages) return NULL;
This reverts commit 7da29bdecc58a7aa4ba54177170b89368ff04141. Dropping this SAUCE patch and replacing it by the upstream fix for CVE-2016-3135: d157bd761585 "netfilter: x_tables: check for size overflow" The original fix (being reverted) was modified to keep only the 2nd check. https://marc.info/?l=netfilter-devel&m=145778004016206&w=2 Signed-off-by: Luis Henriques <luis.henriques@canonical.com> --- net/netfilter/x_tables.c | 3 --- 1 file changed, 3 deletions(-)