diff options
author | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2014-09-15 20:48:26 +0200 |
---|---|---|
committer | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2014-09-15 22:20:20 +0200 |
commit | 73e64e1813e9ea45885419d0fff1e628a6ab95d4 (patch) | |
tree | 3621a18895f093bafe3626beb20166cc032aa98d | |
parent | 0bbe80e571c7b866afd92a98edd32a969467a7a9 (diff) | |
download | op-kernel-dev-73e64e1813e9ea45885419d0fff1e628a6ab95d4.zip op-kernel-dev-73e64e1813e9ea45885419d0fff1e628a6ab95d4.tar.gz |
netfilter: ipset: Fix static checker warning in ip_set_core.c
Dan Carpenter reported the following static checker warning:
net/netfilter/ipset/ip_set_core.c:1414 call_ad()
error: 'nlh->nlmsg_len' from user is not capped properly
The payload size is limited now by the max size of size_t.
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
-rw-r--r-- | net/netfilter/ipset/ip_set_core.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c index 5593e97..4ca4e5c 100644 --- a/net/netfilter/ipset/ip_set_core.c +++ b/net/netfilter/ipset/ip_set_core.c @@ -1397,7 +1397,8 @@ call_ad(struct sock *ctnl, struct sk_buff *skb, struct ip_set *set, struct nlmsghdr *rep, *nlh = nlmsg_hdr(skb); struct sk_buff *skb2; struct nlmsgerr *errmsg; - size_t payload = sizeof(*errmsg) + nlmsg_len(nlh); + size_t payload = min(SIZE_MAX, + sizeof(*errmsg) + nlmsg_len(nlh)); int min_len = nlmsg_total_size(sizeof(struct nfgenmsg)); struct nlattr *cda[IPSET_ATTR_CMD_MAX+1]; struct nlattr *cmdattr; |