diff mbox

[1/2] Revert "UBUNTU: SAUCE: (noup) netfilter: x_tables: check for size overflow"

Message ID 1468406694-16006-2-git-send-email-luis.henriques@canonical.com
State New
Headers show

Commit Message

Luis Henriques July 13, 2016, 10:44 a.m. UTC 
This reverts commit 7da29bdecc58a7aa4ba54177170b89368ff04141.

Dropping this SAUCE patch and replacing it by the upstream fix for
CVE-2016-3135:

  d157bd761585 "netfilter: x_tables: check for size overflow"

The original fix (being reverted) was modified to keep only the 2nd check.

https://marc.info/?l=netfilter-devel&m=145778004016206&w=2

Signed-off-by: Luis Henriques <luis.henriques@canonical.com>
---
 net/netfilter/x_tables.c | 3 ---
 1 file changed, 3 deletions(-)
diff mbox

Patch

diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c
index c30aa9675a02..2e94272f7f85 100644
--- a/net/netfilter/x_tables.c
+++ b/net/netfilter/x_tables.c
@@ -898,9 +898,6 @@  struct xt_table_info *xt_alloc_table_info(unsigned int size)
 	struct xt_table_info *info = NULL;
 	size_t sz = sizeof(*info) + size;
 
-	if (sz < size || sz < sizeof(*info))
-		return NULL;
-
 	/* Pedantry: prevent them from hitting BUG() in vmalloc.c --RR */
 	if ((SMP_ALIGN(size) >> PAGE_SHIFT) + 2 > totalram_pages)
 		return NULL;