aboutsummaryrefslogtreecommitdiff
path: root/drivers/usb/cdns3/cdns3-trace.h
diff options
context:
space:
mode:
authorFlorian Westphal <[email protected]>2018-03-09 14:27:31 +0100
committerPablo Neira Ayuso <[email protected]>2018-03-11 21:24:49 +0100
commitc8d70a700a5b486bfa8e5a7d33d805389f6e59f9 (patch)
treeb0f6d0d872b182ce70ce13a2709705bb7cb8ec38 /drivers/usb/cdns3/cdns3-trace.h
parentb1d0a5d0cba4597c0394997b2d5fced3e3841b4e (diff)
netfilter: bridge: ebt_among: add more missing match size checks
ebt_among is special, it has a dynamic match size and is exempt from the central size checks. commit c4585a2823edf ("bridge: ebt_among: add missing match size checks") added validation for pool size, but missed fact that the macros ebt_among_wh_src/dst can already return out-of-bound result because they do not check value of wh_src/dst_ofs (an offset) vs. the size of the match that userspace gave to us. v2: check that offset has correct alignment. Paolo Abeni points out that we should also check that src/dst wormhash arrays do not overlap, and src + length lines up with start of dst (or vice versa). v3: compact wormhash_sizes_valid() part NB: Fixes tag is intentionally wrong, this bug exists from day one when match was added for 2.6 kernel. Tag is there so stable maintainers will notice this one too. Tested with same rules from the earlier patch. Fixes: c4585a2823edf ("bridge: ebt_among: add missing match size checks") Reported-by: <[email protected]> Signed-off-by: Florian Westphal <[email protected]> Reviewed-by: Eric Dumazet <[email protected]> Signed-off-by: Pablo Neira Ayuso <[email protected]>
Diffstat (limited to 'drivers/usb/cdns3/cdns3-trace.h')
0 files changed, 0 insertions, 0 deletions