projects / openwrt / staging / blogic.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 4fe198e) | patch
netfilter: cttimeout: fix buffer overflow
authorFlorian Westphal <fw@strlen.de>
Wed, 21 Nov 2012 01:37:38 +0000 (01:37 +0000)
committerPablo Neira Ayuso <pablo@netfilter.org>
Wed, 21 Nov 2012 22:50:14 +0000 (23:50 +0100)
commite93b5f9f320db431ec8623a4c667811007e07fd7
tree803a3d7270e04f520474ecec895f8e7f5f05644ctree | snapshot
parent4fe198e6b136c516df493ec325ab8f70d470f477commit | diff
netfilter: cttimeout: fix buffer overflow

Chen Gang reports:
the length of nla_data(cda[CTA_TIMEOUT_NAME]) is not limited in server side.

And indeed, its used to strcpy to a fixed-sized buffer.

Fortunately, nfnetlink users need CAP_NET_ADMIN.

Reported-by: Chen Gang <gang.chen@asianux.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/netfilter/nfnetlink_cttimeout.c diff | blob | history
John Crispins staging tree