Gitiles
Code Review Sign In
android-review.linaro.org / kernel / hikey-linaro / 961ed183a9fd080cf306c659b8736007e44065a5
commit961ed183a9fd080cf306c659b8736007e44065a5[log] [tgz]
authorVasiliy Kulikov <segoon@openwall.com>Sun Mar 20 15:42:52 2011 +0100
committerPatrick McHardy <kaber@trash.net>Sun Mar 20 15:42:52 2011 +0100
tree7bf0a65c184a2c4fc0571ff9af8ce633efc73bcf
parentdb856674ac69e31946e56085239757cca3f7655f [diff]
netfilter: ipt_CLUSTERIP: fix buffer overflow

'buffer' string is copied from userspace.  It is not checked whether it is
zero terminated.  This may lead to overflow inside of simple_strtoul().
Changli Gao suggested to copy not more than user supplied 'size' bytes.

It was introduced before the git epoch.  Files "ipt_CLUSTERIP/*" are
root writable only by default, however, on some setups permissions might be
relaxed to e.g. network admin user.

Signed-off-by: Vasiliy Kulikov <segoon@openwall.com>
Acked-by: Changli Gao <xiaosuo@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
1 file changed
tree: 7bf0a65c184a2c4fc0571ff9af8ce633efc73bcf
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. firmware/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. mm/
  14. net/
  15. samples/
  16. scripts/
  17. security/
  18. sound/
  19. tools/
  20. usr/
  21. virt/
  22. .gitignore
  23. .mailmap
  24. COPYING
  25. CREDITS
  26. Kbuild
  27. Kconfig
  28. MAINTAINERS
  29. Makefile
  30. README
  31. REPORTING-BUGS