mirror of
https://github.com/AuxXxilium/linux_dsm_epyc7002.git
synced 2024-12-20 14:27:36 +07:00
netfilter: ipset: Check for comment netlink attribute length
Ensure userspace supplies string not longer than IPSET_MAX_COMMENT_SIZE. Signed-off-by: Sergey Popovich <popovich_sergei@mail.ua> Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
parent
728a7e6903
commit
037261866c
@ -364,7 +364,8 @@ static struct ip_set_type bitmap_ip_type __read_mostly = {
|
||||
[IPSET_ATTR_LINENO] = { .type = NLA_U32 },
|
||||
[IPSET_ATTR_BYTES] = { .type = NLA_U64 },
|
||||
[IPSET_ATTR_PACKETS] = { .type = NLA_U64 },
|
||||
[IPSET_ATTR_COMMENT] = { .type = NLA_NUL_STRING },
|
||||
[IPSET_ATTR_COMMENT] = { .type = NLA_NUL_STRING,
|
||||
.len = IPSET_MAX_COMMENT_SIZE },
|
||||
[IPSET_ATTR_SKBMARK] = { .type = NLA_U64 },
|
||||
[IPSET_ATTR_SKBPRIO] = { .type = NLA_U32 },
|
||||
[IPSET_ATTR_SKBQUEUE] = { .type = NLA_U16 },
|
||||
|
@ -401,7 +401,8 @@ static struct ip_set_type bitmap_ipmac_type = {
|
||||
[IPSET_ATTR_LINENO] = { .type = NLA_U32 },
|
||||
[IPSET_ATTR_BYTES] = { .type = NLA_U64 },
|
||||
[IPSET_ATTR_PACKETS] = { .type = NLA_U64 },
|
||||
[IPSET_ATTR_COMMENT] = { .type = NLA_NUL_STRING },
|
||||
[IPSET_ATTR_COMMENT] = { .type = NLA_NUL_STRING,
|
||||
.len = IPSET_MAX_COMMENT_SIZE },
|
||||
[IPSET_ATTR_SKBMARK] = { .type = NLA_U64 },
|
||||
[IPSET_ATTR_SKBPRIO] = { .type = NLA_U32 },
|
||||
[IPSET_ATTR_SKBQUEUE] = { .type = NLA_U16 },
|
||||
|
@ -294,7 +294,8 @@ static struct ip_set_type bitmap_port_type = {
|
||||
[IPSET_ATTR_LINENO] = { .type = NLA_U32 },
|
||||
[IPSET_ATTR_BYTES] = { .type = NLA_U64 },
|
||||
[IPSET_ATTR_PACKETS] = { .type = NLA_U64 },
|
||||
[IPSET_ATTR_COMMENT] = { .type = NLA_NUL_STRING },
|
||||
[IPSET_ATTR_COMMENT] = { .type = NLA_NUL_STRING,
|
||||
.len = IPSET_MAX_COMMENT_SIZE },
|
||||
[IPSET_ATTR_SKBMARK] = { .type = NLA_U64 },
|
||||
[IPSET_ATTR_SKBPRIO] = { .type = NLA_U32 },
|
||||
[IPSET_ATTR_SKBQUEUE] = { .type = NLA_U16 },
|
||||
|
@ -304,7 +304,8 @@ static struct ip_set_type hash_ip_type __read_mostly = {
|
||||
[IPSET_ATTR_LINENO] = { .type = NLA_U32 },
|
||||
[IPSET_ATTR_BYTES] = { .type = NLA_U64 },
|
||||
[IPSET_ATTR_PACKETS] = { .type = NLA_U64 },
|
||||
[IPSET_ATTR_COMMENT] = { .type = NLA_NUL_STRING },
|
||||
[IPSET_ATTR_COMMENT] = { .type = NLA_NUL_STRING,
|
||||
.len = IPSET_MAX_COMMENT_SIZE },
|
||||
[IPSET_ATTR_SKBMARK] = { .type = NLA_U64 },
|
||||
[IPSET_ATTR_SKBPRIO] = { .type = NLA_U32 },
|
||||
[IPSET_ATTR_SKBQUEUE] = { .type = NLA_U16 },
|
||||
|
@ -310,7 +310,8 @@ static struct ip_set_type hash_ipmark_type __read_mostly = {
|
||||
[IPSET_ATTR_LINENO] = { .type = NLA_U32 },
|
||||
[IPSET_ATTR_BYTES] = { .type = NLA_U64 },
|
||||
[IPSET_ATTR_PACKETS] = { .type = NLA_U64 },
|
||||
[IPSET_ATTR_COMMENT] = { .type = NLA_NUL_STRING },
|
||||
[IPSET_ATTR_COMMENT] = { .type = NLA_NUL_STRING,
|
||||
.len = IPSET_MAX_COMMENT_SIZE },
|
||||
[IPSET_ATTR_SKBMARK] = { .type = NLA_U64 },
|
||||
[IPSET_ATTR_SKBPRIO] = { .type = NLA_U32 },
|
||||
[IPSET_ATTR_SKBQUEUE] = { .type = NLA_U16 },
|
||||
|
@ -373,7 +373,8 @@ static struct ip_set_type hash_ipport_type __read_mostly = {
|
||||
[IPSET_ATTR_LINENO] = { .type = NLA_U32 },
|
||||
[IPSET_ATTR_BYTES] = { .type = NLA_U64 },
|
||||
[IPSET_ATTR_PACKETS] = { .type = NLA_U64 },
|
||||
[IPSET_ATTR_COMMENT] = { .type = NLA_NUL_STRING },
|
||||
[IPSET_ATTR_COMMENT] = { .type = NLA_NUL_STRING,
|
||||
.len = IPSET_MAX_COMMENT_SIZE },
|
||||
[IPSET_ATTR_SKBMARK] = { .type = NLA_U64 },
|
||||
[IPSET_ATTR_SKBPRIO] = { .type = NLA_U32 },
|
||||
[IPSET_ATTR_SKBQUEUE] = { .type = NLA_U16 },
|
||||
|
@ -385,7 +385,8 @@ static struct ip_set_type hash_ipportip_type __read_mostly = {
|
||||
[IPSET_ATTR_LINENO] = { .type = NLA_U32 },
|
||||
[IPSET_ATTR_BYTES] = { .type = NLA_U64 },
|
||||
[IPSET_ATTR_PACKETS] = { .type = NLA_U64 },
|
||||
[IPSET_ATTR_COMMENT] = { .type = NLA_NUL_STRING },
|
||||
[IPSET_ATTR_COMMENT] = { .type = NLA_NUL_STRING,
|
||||
.len = IPSET_MAX_COMMENT_SIZE },
|
||||
[IPSET_ATTR_SKBMARK] = { .type = NLA_U64 },
|
||||
[IPSET_ATTR_SKBPRIO] = { .type = NLA_U32 },
|
||||
[IPSET_ATTR_SKBQUEUE] = { .type = NLA_U16 },
|
||||
|
@ -544,7 +544,8 @@ static struct ip_set_type hash_ipportnet_type __read_mostly = {
|
||||
[IPSET_ATTR_LINENO] = { .type = NLA_U32 },
|
||||
[IPSET_ATTR_BYTES] = { .type = NLA_U64 },
|
||||
[IPSET_ATTR_PACKETS] = { .type = NLA_U64 },
|
||||
[IPSET_ATTR_COMMENT] = { .type = NLA_NUL_STRING },
|
||||
[IPSET_ATTR_COMMENT] = { .type = NLA_NUL_STRING,
|
||||
.len = IPSET_MAX_COMMENT_SIZE },
|
||||
[IPSET_ATTR_SKBMARK] = { .type = NLA_U64 },
|
||||
[IPSET_ATTR_SKBPRIO] = { .type = NLA_U32 },
|
||||
[IPSET_ATTR_SKBQUEUE] = { .type = NLA_U16 },
|
||||
|
@ -153,7 +153,8 @@ static struct ip_set_type hash_mac_type __read_mostly = {
|
||||
[IPSET_ATTR_LINENO] = { .type = NLA_U32 },
|
||||
[IPSET_ATTR_BYTES] = { .type = NLA_U64 },
|
||||
[IPSET_ATTR_PACKETS] = { .type = NLA_U64 },
|
||||
[IPSET_ATTR_COMMENT] = { .type = NLA_NUL_STRING },
|
||||
[IPSET_ATTR_COMMENT] = { .type = NLA_NUL_STRING,
|
||||
.len = IPSET_MAX_COMMENT_SIZE },
|
||||
[IPSET_ATTR_SKBMARK] = { .type = NLA_U64 },
|
||||
[IPSET_ATTR_SKBPRIO] = { .type = NLA_U32 },
|
||||
[IPSET_ATTR_SKBQUEUE] = { .type = NLA_U16 },
|
||||
|
@ -386,7 +386,8 @@ static struct ip_set_type hash_net_type __read_mostly = {
|
||||
[IPSET_ATTR_CADT_FLAGS] = { .type = NLA_U32 },
|
||||
[IPSET_ATTR_BYTES] = { .type = NLA_U64 },
|
||||
[IPSET_ATTR_PACKETS] = { .type = NLA_U64 },
|
||||
[IPSET_ATTR_COMMENT] = { .type = NLA_NUL_STRING },
|
||||
[IPSET_ATTR_COMMENT] = { .type = NLA_NUL_STRING,
|
||||
.len = IPSET_MAX_COMMENT_SIZE },
|
||||
[IPSET_ATTR_SKBMARK] = { .type = NLA_U64 },
|
||||
[IPSET_ATTR_SKBPRIO] = { .type = NLA_U32 },
|
||||
[IPSET_ATTR_SKBQUEUE] = { .type = NLA_U16 },
|
||||
|
@ -616,7 +616,8 @@ static struct ip_set_type hash_netiface_type __read_mostly = {
|
||||
[IPSET_ATTR_LINENO] = { .type = NLA_U32 },
|
||||
[IPSET_ATTR_BYTES] = { .type = NLA_U64 },
|
||||
[IPSET_ATTR_PACKETS] = { .type = NLA_U64 },
|
||||
[IPSET_ATTR_COMMENT] = { .type = NLA_NUL_STRING },
|
||||
[IPSET_ATTR_COMMENT] = { .type = NLA_NUL_STRING,
|
||||
.len = IPSET_MAX_COMMENT_SIZE },
|
||||
[IPSET_ATTR_SKBMARK] = { .type = NLA_U64 },
|
||||
[IPSET_ATTR_SKBPRIO] = { .type = NLA_U32 },
|
||||
[IPSET_ATTR_SKBQUEUE] = { .type = NLA_U16 },
|
||||
|
@ -479,7 +479,8 @@ static struct ip_set_type hash_netnet_type __read_mostly = {
|
||||
[IPSET_ATTR_CADT_FLAGS] = { .type = NLA_U32 },
|
||||
[IPSET_ATTR_BYTES] = { .type = NLA_U64 },
|
||||
[IPSET_ATTR_PACKETS] = { .type = NLA_U64 },
|
||||
[IPSET_ATTR_COMMENT] = { .type = NLA_NUL_STRING },
|
||||
[IPSET_ATTR_COMMENT] = { .type = NLA_NUL_STRING,
|
||||
.len = IPSET_MAX_COMMENT_SIZE },
|
||||
[IPSET_ATTR_SKBMARK] = { .type = NLA_U64 },
|
||||
[IPSET_ATTR_SKBPRIO] = { .type = NLA_U32 },
|
||||
[IPSET_ATTR_SKBQUEUE] = { .type = NLA_U16 },
|
||||
|
@ -492,7 +492,8 @@ static struct ip_set_type hash_netport_type __read_mostly = {
|
||||
[IPSET_ATTR_CADT_FLAGS] = { .type = NLA_U32 },
|
||||
[IPSET_ATTR_BYTES] = { .type = NLA_U64 },
|
||||
[IPSET_ATTR_PACKETS] = { .type = NLA_U64 },
|
||||
[IPSET_ATTR_COMMENT] = { .type = NLA_NUL_STRING },
|
||||
[IPSET_ATTR_COMMENT] = { .type = NLA_NUL_STRING,
|
||||
.len = IPSET_MAX_COMMENT_SIZE },
|
||||
[IPSET_ATTR_SKBMARK] = { .type = NLA_U64 },
|
||||
[IPSET_ATTR_SKBPRIO] = { .type = NLA_U32 },
|
||||
[IPSET_ATTR_SKBQUEUE] = { .type = NLA_U16 },
|
||||
|
@ -580,7 +580,8 @@ static struct ip_set_type hash_netportnet_type __read_mostly = {
|
||||
[IPSET_ATTR_LINENO] = { .type = NLA_U32 },
|
||||
[IPSET_ATTR_BYTES] = { .type = NLA_U64 },
|
||||
[IPSET_ATTR_PACKETS] = { .type = NLA_U64 },
|
||||
[IPSET_ATTR_COMMENT] = { .type = NLA_NUL_STRING },
|
||||
[IPSET_ATTR_COMMENT] = { .type = NLA_NUL_STRING,
|
||||
.len = IPSET_MAX_COMMENT_SIZE },
|
||||
[IPSET_ATTR_SKBMARK] = { .type = NLA_U64 },
|
||||
[IPSET_ATTR_SKBPRIO] = { .type = NLA_U32 },
|
||||
[IPSET_ATTR_SKBQUEUE] = { .type = NLA_U16 },
|
||||
|
@ -678,7 +678,8 @@ static struct ip_set_type list_set_type __read_mostly = {
|
||||
[IPSET_ATTR_CADT_FLAGS] = { .type = NLA_U32 },
|
||||
[IPSET_ATTR_BYTES] = { .type = NLA_U64 },
|
||||
[IPSET_ATTR_PACKETS] = { .type = NLA_U64 },
|
||||
[IPSET_ATTR_COMMENT] = { .type = NLA_NUL_STRING },
|
||||
[IPSET_ATTR_COMMENT] = { .type = NLA_NUL_STRING,
|
||||
.len = IPSET_MAX_COMMENT_SIZE },
|
||||
[IPSET_ATTR_SKBMARK] = { .type = NLA_U64 },
|
||||
[IPSET_ATTR_SKBPRIO] = { .type = NLA_U32 },
|
||||
[IPSET_ATTR_SKBQUEUE] = { .type = NLA_U16 },
|
||||
|
Loading…
Reference in New Issue
Block a user