Bug#732689: [stable] netfilter: ipset: Check and reject crazy /0 input parameters
On Tue, 24 Dec 2013, Ben Hutchings wrote:
> This fix went into Linux 3.7:
>
> commit b9fed748185a96b7cfe74afac4bd228e8af16f01
> Author: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
> Date: Tue Sep 4 17:45:59 2012 +0200
>
> netfilter: ipset: Check and reject crazy /0 input parameters
>
> bitmap:ip and bitmap:ip,mac type did not reject such a crazy range
> when created and using such a set results in a kernel crash.
> The hash types just silently ignored such parameters.
>
> Reject invalid /0 input parameters explicitely.
>
> Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
>
> Should it also go into stable 3.x.y updates? I checked that it applies
> and builds cleanly on top of 3.2.53.
Yes, it should go into the stable updates too.
Best regards,
Jozsef
-
E-mail : kadlec@blackhole.kfki.hu, kadlecsik.jozsef@wigner.mta.hu
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences
H-1525 Budapest 114, POB. 49, Hungary
Reply to: