--- /dev/null
+From 2196937e12b1b4ba139806d132647e1651d655df Mon Sep 17 00:00:00 2001
+From: Dan Carpenter <dan.carpenter@oracle.com>
+Date: Mon, 10 Nov 2014 17:11:21 +0100
+Subject: netfilter: ipset: small potential read beyond the end of buffer
+
+From: Dan Carpenter <dan.carpenter@oracle.com>
+
+commit 2196937e12b1b4ba139806d132647e1651d655df upstream.
+
+We could be reading 8 bytes into a 4 byte buffer here. It seems
+harmless but adding a check is the right thing to do and it silences a
+static checker warning.
+
+Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
+Acked-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/netfilter/ipset/ip_set_core.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+--- a/net/netfilter/ipset/ip_set_core.c
++++ b/net/netfilter/ipset/ip_set_core.c
+@@ -1754,6 +1754,12 @@ ip_set_sockfn_get(struct sock *sk, int o
+ if (*op < IP_SET_OP_VERSION) {
+ /* Check the version at the beginning of operations */
+ struct ip_set_req_version *req_version = data;
++
++ if (*len < sizeof(struct ip_set_req_version)) {
++ ret = -EINVAL;
++ goto done;
++ }
++
+ if (req_version->version != IPSET_PROTOCOL) {
+ ret = -EPROTO;
+ goto done;
x86-um-actually-mark-system-call-tables-readonly.patch
lockd-fix-a-race-when-initialising-nlmsvc_timeout.patch
mmc-sdhci-fix-sleep-in-atomic-after-inserting-sd-card.patch
+netfilter-ipset-small-potential-read-beyond-the-end-of-buffer.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
