netfilter: ipset: Check for comment netlink attribute length
authorSergey Popovich <popovich_sergei@mail.ua>
Sat, 2 May 2015 17:28:16 +0000 (19:28 +0200)
committerPablo Neira Ayuso <pablo@netfilter.org>
Wed, 13 May 2015 11:25:47 +0000 (13:25 +0200)
commit037261866c8dd164c426580160973eb2d68f688c
treef3a6c97734ebde8232d01ac6fde95fa5bb51f3a2
parent728a7e6903af6f901eeff9a2d9ffb06d55e9b1e4
netfilter: ipset: Check for comment netlink attribute length

Ensure userspace supplies string not longer than
IPSET_MAX_COMMENT_SIZE.

Signed-off-by: Sergey Popovich <popovich_sergei@mail.ua>
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
15 files changed:
net/netfilter/ipset/ip_set_bitmap_ip.c
net/netfilter/ipset/ip_set_bitmap_ipmac.c
net/netfilter/ipset/ip_set_bitmap_port.c
net/netfilter/ipset/ip_set_hash_ip.c
net/netfilter/ipset/ip_set_hash_ipmark.c
net/netfilter/ipset/ip_set_hash_ipport.c
net/netfilter/ipset/ip_set_hash_ipportip.c
net/netfilter/ipset/ip_set_hash_ipportnet.c
net/netfilter/ipset/ip_set_hash_mac.c
net/netfilter/ipset/ip_set_hash_net.c
net/netfilter/ipset/ip_set_hash_netiface.c
net/netfilter/ipset/ip_set_hash_netnet.c
net/netfilter/ipset/ip_set_hash_netport.c
net/netfilter/ipset/ip_set_hash_netportnet.c
net/netfilter/ipset/ip_set_list_set.c