* [patch -mainline] netfilter: ipset: small potential read beyond the end of buffer @ 2014-11-07 6:21 ` Dan Carpenter 0 siblings, 0 replies; 14+ messages in thread From: Dan Carpenter @ 2014-11-07 6:21 UTC (permalink / raw) To: Pablo Neira Ayuso Cc: Patrick McHardy, Jozsef Kadlecsik, David S. Miller, Sergey Popovich, Masanari Iida, Anton Danilov, stephen hemminger, netfilter-devel, coreteam, netdev, kernel-janitors We could be reading 8 bytes into a 4 byte buffer here. It seems harmless but adding a check is the right thing to do and it silences a static checker warning. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c index 86f9d76..ac08a3f 100644 --- a/net/netfilter/ipset/ip_set_core.c +++ b/net/netfilter/ipset/ip_set_core.c @@ -1863,7 +1863,8 @@ ip_set_sockfn_get(struct sock *sk, int optval, void __user *user, int *len) if (*op < IP_SET_OP_VERSION) { /* Check the version at the beginning of operations */ struct ip_set_req_version *req_version = data; - if (req_version->version != IPSET_PROTOCOL) { + if (*len < sizeof(struct ip_set_req_version) || + req_version->version != IPSET_PROTOCOL) { ret = -EPROTO; goto done; } ^ permalink raw reply related [flat|nested] 14+ messages in thread
* [patch -mainline] netfilter: ipset: small potential read beyond the end of buffer @ 2014-11-07 6:21 ` Dan Carpenter 0 siblings, 0 replies; 14+ messages in thread From: Dan Carpenter @ 2014-11-07 6:21 UTC (permalink / raw) To: Pablo Neira Ayuso Cc: Patrick McHardy, Jozsef Kadlecsik, David S. Miller, Sergey Popovich, Masanari Iida, Anton Danilov, stephen hemminger, netfilter-devel, coreteam, netdev, kernel-janitors We could be reading 8 bytes into a 4 byte buffer here. It seems harmless but adding a check is the right thing to do and it silences a static checker warning. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c index 86f9d76..ac08a3f 100644 --- a/net/netfilter/ipset/ip_set_core.c +++ b/net/netfilter/ipset/ip_set_core.c @@ -1863,7 +1863,8 @@ ip_set_sockfn_get(struct sock *sk, int optval, void __user *user, int *len) if (*op < IP_SET_OP_VERSION) { /* Check the version at the beginning of operations */ struct ip_set_req_version *req_version = data; - if (req_version->version != IPSET_PROTOCOL) { + if (*len < sizeof(struct ip_set_req_version) || + req_version->version != IPSET_PROTOCOL) { ret = -EPROTO; goto done; } ^ permalink raw reply related [flat|nested] 14+ messages in thread
* Re: [patch -mainline] netfilter: ipset: small potential read beyond the end of buffer 2014-11-07 6:21 ` Dan Carpenter @ 2014-11-10 14:24 ` Pablo Neira Ayuso -1 siblings, 0 replies; 14+ messages in thread From: Pablo Neira Ayuso @ 2014-11-10 14:24 UTC (permalink / raw) To: Dan Carpenter Cc: Patrick McHardy, Jozsef Kadlecsik, David S. Miller, Sergey Popovich, Masanari Iida, Anton Danilov, stephen hemminger, netfilter-devel, coreteam, netdev, kernel-janitors On Fri, Nov 07, 2014 at 09:21:40AM +0300, Dan Carpenter wrote: > We could be reading 8 bytes into a 4 byte buffer here. It seems > harmless but adding a check is the right thing to do and it silences a > static checker warning. > > Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> > > diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c > index 86f9d76..ac08a3f 100644 > --- a/net/netfilter/ipset/ip_set_core.c > +++ b/net/netfilter/ipset/ip_set_core.c > @@ -1863,7 +1863,8 @@ ip_set_sockfn_get(struct sock *sk, int optval, void __user *user, int *len) > if (*op < IP_SET_OP_VERSION) { > /* Check the version at the beginning of operations */ > struct ip_set_req_version *req_version = data; > - if (req_version->version != IPSET_PROTOCOL) { > + if (*len < sizeof(struct ip_set_req_version) || > + req_version->version != IPSET_PROTOCOL) { > ret = -EPROTO; > goto done; Thanks for catching up this. From other similar code in that location, I can see Jozsef is using this pattern: if (*len != sizeof(struct ip_set_req_version)) { ret = -EINVAL; goto done; } I think it would be good to stick to that for consistency. Thanks. ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [patch -mainline] netfilter: ipset: small potential read beyond the end of buffer @ 2014-11-10 14:24 ` Pablo Neira Ayuso 0 siblings, 0 replies; 14+ messages in thread From: Pablo Neira Ayuso @ 2014-11-10 14:24 UTC (permalink / raw) To: Dan Carpenter Cc: Patrick McHardy, Jozsef Kadlecsik, David S. Miller, Sergey Popovich, Masanari Iida, Anton Danilov, stephen hemminger, netfilter-devel, coreteam, netdev, kernel-janitors On Fri, Nov 07, 2014 at 09:21:40AM +0300, Dan Carpenter wrote: > We could be reading 8 bytes into a 4 byte buffer here. It seems > harmless but adding a check is the right thing to do and it silences a > static checker warning. > > Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> > > diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c > index 86f9d76..ac08a3f 100644 > --- a/net/netfilter/ipset/ip_set_core.c > +++ b/net/netfilter/ipset/ip_set_core.c > @@ -1863,7 +1863,8 @@ ip_set_sockfn_get(struct sock *sk, int optval, void __user *user, int *len) > if (*op < IP_SET_OP_VERSION) { > /* Check the version at the beginning of operations */ > struct ip_set_req_version *req_version = data; > - if (req_version->version != IPSET_PROTOCOL) { > + if (*len < sizeof(struct ip_set_req_version) || > + req_version->version != IPSET_PROTOCOL) { > ret = -EPROTO; > goto done; Thanks for catching up this. >From other similar code in that location, I can see Jozsef is using this pattern: if (*len != sizeof(struct ip_set_req_version)) { ret = -EINVAL; goto done; } I think it would be good to stick to that for consistency. Thanks. ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [patch -mainline] netfilter: ipset: small potential read beyond the end of buffer 2014-11-10 14:24 ` Pablo Neira Ayuso @ 2014-11-10 14:27 ` Jozsef Kadlecsik -1 siblings, 0 replies; 14+ messages in thread From: Jozsef Kadlecsik @ 2014-11-10 14:27 UTC (permalink / raw) To: Pablo Neira Ayuso Cc: Dan Carpenter, Patrick McHardy, David S. Miller, Sergey Popovich, Masanari Iida, Anton Danilov, stephen hemminger, netfilter-devel, coreteam, netdev, kernel-janitors On Mon, 10 Nov 2014, Pablo Neira Ayuso wrote: > On Fri, Nov 07, 2014 at 09:21:40AM +0300, Dan Carpenter wrote: > > We could be reading 8 bytes into a 4 byte buffer here. It seems > > harmless but adding a check is the right thing to do and it silences a > > static checker warning. > > > > Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> > > > > diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c > > index 86f9d76..ac08a3f 100644 > > --- a/net/netfilter/ipset/ip_set_core.c > > +++ b/net/netfilter/ipset/ip_set_core.c > > @@ -1863,7 +1863,8 @@ ip_set_sockfn_get(struct sock *sk, int optval, void __user *user, int *len) > > if (*op < IP_SET_OP_VERSION) { > > /* Check the version at the beginning of operations */ > > struct ip_set_req_version *req_version = data; > > - if (req_version->version != IPSET_PROTOCOL) { > > + if (*len < sizeof(struct ip_set_req_version) || > > + req_version->version != IPSET_PROTOCOL) { > > ret = -EPROTO; > > goto done; > > Thanks for catching up this. > > >From other similar code in that location, I can see Jozsef is using > this pattern: > > if (*len != sizeof(struct ip_set_req_version)) { > ret = -EINVAL; > goto done; > } > > I think it would be good to stick to that for consistency. Thanks. Absolutely, yes. Acked-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> Best regards, Jozsef - E-mail : kadlec@blackhole.kfki.hu, kadlecsik.jozsef@wigner.mta.hu PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences H-1525 Budapest 114, POB. 49, Hungary ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [patch -mainline] netfilter: ipset: small potential read beyond the end of buffer @ 2014-11-10 14:27 ` Jozsef Kadlecsik 0 siblings, 0 replies; 14+ messages in thread From: Jozsef Kadlecsik @ 2014-11-10 14:27 UTC (permalink / raw) To: Pablo Neira Ayuso Cc: Dan Carpenter, Patrick McHardy, David S. Miller, Sergey Popovich, Masanari Iida, Anton Danilov, stephen hemminger, netfilter-devel, coreteam, netdev, kernel-janitors On Mon, 10 Nov 2014, Pablo Neira Ayuso wrote: > On Fri, Nov 07, 2014 at 09:21:40AM +0300, Dan Carpenter wrote: > > We could be reading 8 bytes into a 4 byte buffer here. It seems > > harmless but adding a check is the right thing to do and it silences a > > static checker warning. > > > > Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> > > > > diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c > > index 86f9d76..ac08a3f 100644 > > --- a/net/netfilter/ipset/ip_set_core.c > > +++ b/net/netfilter/ipset/ip_set_core.c > > @@ -1863,7 +1863,8 @@ ip_set_sockfn_get(struct sock *sk, int optval, void __user *user, int *len) > > if (*op < IP_SET_OP_VERSION) { > > /* Check the version at the beginning of operations */ > > struct ip_set_req_version *req_version = data; > > - if (req_version->version != IPSET_PROTOCOL) { > > + if (*len < sizeof(struct ip_set_req_version) || > > + req_version->version != IPSET_PROTOCOL) { > > ret = -EPROTO; > > goto done; > > Thanks for catching up this. > > >From other similar code in that location, I can see Jozsef is using > this pattern: > > if (*len != sizeof(struct ip_set_req_version)) { > ret = -EINVAL; > goto done; > } > > I think it would be good to stick to that for consistency. Thanks. Absolutely, yes. Acked-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> Best regards, Jozsef - E-mail : kadlec@blackhole.kfki.hu, kadlecsik.jozsef@wigner.mta.hu PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences H-1525 Budapest 114, POB. 49, Hungary ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [patch -mainline] netfilter: ipset: small potential read beyond the end of buffer 2014-11-10 14:27 ` Jozsef Kadlecsik @ 2014-11-10 16:11 ` Pablo Neira Ayuso -1 siblings, 0 replies; 14+ messages in thread From: Pablo Neira Ayuso @ 2014-11-10 16:11 UTC (permalink / raw) To: Jozsef Kadlecsik Cc: Dan Carpenter, Patrick McHardy, David S. Miller, Sergey Popovich, Masanari Iida, Anton Danilov, stephen hemminger, netfilter-devel, coreteam, netdev, kernel-janitors [-- Attachment #1: Type: text/plain, Size: 653 bytes --] On Mon, Nov 10, 2014 at 03:27:51PM +0100, Jozsef Kadlecsik wrote: > On Mon, 10 Nov 2014, Pablo Neira Ayuso wrote: > > >From other similar code in that location, I can see Jozsef is using > > this pattern: > > > > if (*len != sizeof(struct ip_set_req_version)) { > > ret = -EINVAL; > > goto done; > > } > > > > I think it would be good to stick to that for consistency. Thanks. > > Absolutely, yes. > > Acked-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> OK, then does this look fine to you? I took over Dan's patch and gave it another spin. See it attached, thanks. [-- Attachment #2: 0001-netfilter-ipset-small-potential-read-beyond-the-end-.patch --] [-- Type: text/x-diff, Size: 1221 bytes --] From d67bad383d4ea9dea8872e3999324ccbeb2a5815 Mon Sep 17 00:00:00 2001 From: Dan Carpenter <dan.carpenter@oracle.com> Date: Fri, 7 Nov 2014 09:21:40 +0300 Subject: [PATCH] netfilter: ipset: small potential read beyond the end of buffer We could be reading 8 bytes into a 4 byte buffer here. It seems harmless but adding a check is the right thing to do and it silences a static checker warning. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> --- net/netfilter/ipset/ip_set_core.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c index 86f9d76..d259da3 100644 --- a/net/netfilter/ipset/ip_set_core.c +++ b/net/netfilter/ipset/ip_set_core.c @@ -1863,6 +1863,12 @@ ip_set_sockfn_get(struct sock *sk, int optval, void __user *user, int *len) if (*op < IP_SET_OP_VERSION) { /* Check the version at the beginning of operations */ struct ip_set_req_version *req_version = data; + + if (*len < sizeof(struct ip_set_req_version)) { + ret = -EINVAL; + goto done; + } + if (req_version->version != IPSET_PROTOCOL) { ret = -EPROTO; goto done; -- 1.7.10.4 ^ permalink raw reply related [flat|nested] 14+ messages in thread
* Re: [patch -mainline] netfilter: ipset: small potential read beyond the end of buffer @ 2014-11-10 16:11 ` Pablo Neira Ayuso 0 siblings, 0 replies; 14+ messages in thread From: Pablo Neira Ayuso @ 2014-11-10 16:11 UTC (permalink / raw) To: Jozsef Kadlecsik Cc: Dan Carpenter, Patrick McHardy, David S. Miller, Sergey Popovich, Masanari Iida, Anton Danilov, stephen hemminger, netfilter-devel, coreteam, netdev, kernel-janitors [-- Attachment #1: Type: text/plain, Size: 653 bytes --] On Mon, Nov 10, 2014 at 03:27:51PM +0100, Jozsef Kadlecsik wrote: > On Mon, 10 Nov 2014, Pablo Neira Ayuso wrote: > > >From other similar code in that location, I can see Jozsef is using > > this pattern: > > > > if (*len != sizeof(struct ip_set_req_version)) { > > ret = -EINVAL; > > goto done; > > } > > > > I think it would be good to stick to that for consistency. Thanks. > > Absolutely, yes. > > Acked-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> OK, then does this look fine to you? I took over Dan's patch and gave it another spin. See it attached, thanks. [-- Attachment #2: 0001-netfilter-ipset-small-potential-read-beyond-the-end-.patch --] [-- Type: text/x-diff, Size: 1222 bytes --] >From d67bad383d4ea9dea8872e3999324ccbeb2a5815 Mon Sep 17 00:00:00 2001 From: Dan Carpenter <dan.carpenter@oracle.com> Date: Fri, 7 Nov 2014 09:21:40 +0300 Subject: [PATCH] netfilter: ipset: small potential read beyond the end of buffer We could be reading 8 bytes into a 4 byte buffer here. It seems harmless but adding a check is the right thing to do and it silences a static checker warning. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> --- net/netfilter/ipset/ip_set_core.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c index 86f9d76..d259da3 100644 --- a/net/netfilter/ipset/ip_set_core.c +++ b/net/netfilter/ipset/ip_set_core.c @@ -1863,6 +1863,12 @@ ip_set_sockfn_get(struct sock *sk, int optval, void __user *user, int *len) if (*op < IP_SET_OP_VERSION) { /* Check the version at the beginning of operations */ struct ip_set_req_version *req_version = data; + + if (*len < sizeof(struct ip_set_req_version)) { + ret = -EINVAL; + goto done; + } + if (req_version->version != IPSET_PROTOCOL) { ret = -EPROTO; goto done; -- 1.7.10.4 ^ permalink raw reply related [flat|nested] 14+ messages in thread
* Re: [patch -mainline] netfilter: ipset: small potential read beyond the end of buffer 2014-11-10 16:11 ` Pablo Neira Ayuso @ 2014-11-10 21:00 ` Jozsef Kadlecsik -1 siblings, 0 replies; 14+ messages in thread From: Jozsef Kadlecsik @ 2014-11-10 20:59 UTC (permalink / raw) To: Pablo Neira Ayuso Cc: Dan Carpenter, Patrick McHardy, David S. Miller, Sergey Popovich, Masanari Iida, Anton Danilov, stephen hemminger, netfilter-devel, coreteam, netdev, kernel-janitors On Mon, 10 Nov 2014, Pablo Neira Ayuso wrote: > On Mon, Nov 10, 2014 at 03:27:51PM +0100, Jozsef Kadlecsik wrote: > > On Mon, 10 Nov 2014, Pablo Neira Ayuso wrote: > > > >From other similar code in that location, I can see Jozsef is using > > > this pattern: > > > > > > if (*len != sizeof(struct ip_set_req_version)) { > > > ret = -EINVAL; > > > goto done; > > > } > > > > > > I think it would be good to stick to that for consistency. Thanks. > > > > Absolutely, yes. > > > > Acked-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> > > OK, then does this look fine to you? I took over Dan's patch and gave > it another spin. See it attached, thanks. Yes, it's better this way, thanks! Best regards, Jozsef - E-mail : kadlec@blackhole.kfki.hu, kadlecsik.jozsef@wigner.mta.hu PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences H-1525 Budapest 114, POB. 49, Hungary ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [patch -mainline] netfilter: ipset: small potential read beyond the end of buffer @ 2014-11-10 21:00 ` Jozsef Kadlecsik 0 siblings, 0 replies; 14+ messages in thread From: Jozsef Kadlecsik @ 2014-11-10 21:00 UTC (permalink / raw) To: Pablo Neira Ayuso Cc: Dan Carpenter, Patrick McHardy, David S. Miller, Sergey Popovich, Masanari Iida, Anton Danilov, stephen hemminger, netfilter-devel, coreteam, netdev, kernel-janitors On Mon, 10 Nov 2014, Pablo Neira Ayuso wrote: > On Mon, Nov 10, 2014 at 03:27:51PM +0100, Jozsef Kadlecsik wrote: > > On Mon, 10 Nov 2014, Pablo Neira Ayuso wrote: > > > >From other similar code in that location, I can see Jozsef is using > > > this pattern: > > > > > > if (*len != sizeof(struct ip_set_req_version)) { > > > ret = -EINVAL; > > > goto done; > > > } > > > > > > I think it would be good to stick to that for consistency. Thanks. > > > > Absolutely, yes. > > > > Acked-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> > > OK, then does this look fine to you? I took over Dan's patch and gave > it another spin. See it attached, thanks. Yes, it's better this way, thanks! Best regards, Jozsef - E-mail : kadlec@blackhole.kfki.hu, kadlecsik.jozsef@wigner.mta.hu PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences H-1525 Budapest 114, POB. 49, Hungary ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [patch -mainline] netfilter: ipset: small potential read beyond the end of buffer 2014-11-10 21:00 ` Jozsef Kadlecsik @ 2014-11-11 13:17 ` Pablo Neira Ayuso -1 siblings, 0 replies; 14+ messages in thread From: Pablo Neira Ayuso @ 2014-11-11 13:17 UTC (permalink / raw) To: Jozsef Kadlecsik Cc: Dan Carpenter, Patrick McHardy, David S. Miller, Sergey Popovich, Masanari Iida, Anton Danilov, stephen hemminger, netfilter-devel, coreteam, netdev, kernel-janitors On Mon, Nov 10, 2014 at 10:00:20PM +0100, Jozsef Kadlecsik wrote: > On Mon, 10 Nov 2014, Pablo Neira Ayuso wrote: > > > On Mon, Nov 10, 2014 at 03:27:51PM +0100, Jozsef Kadlecsik wrote: > > > On Mon, 10 Nov 2014, Pablo Neira Ayuso wrote: > > > > >From other similar code in that location, I can see Jozsef is using > > > > this pattern: > > > > > > > > if (*len != sizeof(struct ip_set_req_version)) { > > > > ret = -EINVAL; > > > > goto done; > > > > } > > > > > > > > I think it would be good to stick to that for consistency. Thanks. > > > > > > Absolutely, yes. > > > > > > Acked-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> > > > > OK, then does this look fine to you? I took over Dan's patch and gave > > it another spin. See it attached, thanks. > > Yes, it's better this way, thanks! Applied, thanks Dan and Jozsef. ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [patch -mainline] netfilter: ipset: small potential read beyond the end of buffer @ 2014-11-11 13:17 ` Pablo Neira Ayuso 0 siblings, 0 replies; 14+ messages in thread From: Pablo Neira Ayuso @ 2014-11-11 13:17 UTC (permalink / raw) To: Jozsef Kadlecsik Cc: Dan Carpenter, Patrick McHardy, David S. Miller, Sergey Popovich, Masanari Iida, Anton Danilov, stephen hemminger, netfilter-devel, coreteam, netdev, kernel-janitors On Mon, Nov 10, 2014 at 10:00:20PM +0100, Jozsef Kadlecsik wrote: > On Mon, 10 Nov 2014, Pablo Neira Ayuso wrote: > > > On Mon, Nov 10, 2014 at 03:27:51PM +0100, Jozsef Kadlecsik wrote: > > > On Mon, 10 Nov 2014, Pablo Neira Ayuso wrote: > > > > >From other similar code in that location, I can see Jozsef is using > > > > this pattern: > > > > > > > > if (*len != sizeof(struct ip_set_req_version)) { > > > > ret = -EINVAL; > > > > goto done; > > > > } > > > > > > > > I think it would be good to stick to that for consistency. Thanks. > > > > > > Absolutely, yes. > > > > > > Acked-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> > > > > OK, then does this look fine to you? I took over Dan's patch and gave > > it another spin. See it attached, thanks. > > Yes, it's better this way, thanks! Applied, thanks Dan and Jozsef. ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [patch -mainline] netfilter: ipset: small potential read beyond the end of buffer 2014-11-10 16:11 ` Pablo Neira Ayuso @ 2014-11-10 22:38 ` Dan Carpenter -1 siblings, 0 replies; 14+ messages in thread From: Dan Carpenter @ 2014-11-10 22:38 UTC (permalink / raw) To: Pablo Neira Ayuso Cc: Jozsef Kadlecsik, Patrick McHardy, David S. Miller, Sergey Popovich, Masanari Iida, Anton Danilov, stephen hemminger, netfilter-devel, coreteam, netdev, kernel-janitors On Mon, Nov 10, 2014 at 05:11:21PM +0100, Pablo Neira Ayuso wrote: > OK, then does this look fine to you? I took over Dan's patch and gave > it another spin. See it attached, thanks. Looks good to me, thanks. regards, dan carpenter ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [patch -mainline] netfilter: ipset: small potential read beyond the end of buffer @ 2014-11-10 22:38 ` Dan Carpenter 0 siblings, 0 replies; 14+ messages in thread From: Dan Carpenter @ 2014-11-10 22:38 UTC (permalink / raw) To: Pablo Neira Ayuso Cc: Jozsef Kadlecsik, Patrick McHardy, David S. Miller, Sergey Popovich, Masanari Iida, Anton Danilov, stephen hemminger, netfilter-devel, coreteam, netdev, kernel-janitors On Mon, Nov 10, 2014 at 05:11:21PM +0100, Pablo Neira Ayuso wrote: > OK, then does this look fine to you? I took over Dan's patch and gave > it another spin. See it attached, thanks. Looks good to me, thanks. regards, dan carpenter ^ permalink raw reply [flat|nested] 14+ messages in thread
end of thread, other threads:[~2014-11-11 13:17 UTC | newest] Thread overview: 14+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2014-11-07 6:21 [patch -mainline] netfilter: ipset: small potential read beyond the end of buffer Dan Carpenter 2014-11-07 6:21 ` Dan Carpenter 2014-11-10 14:24 ` Pablo Neira Ayuso 2014-11-10 14:24 ` Pablo Neira Ayuso 2014-11-10 14:27 ` Jozsef Kadlecsik 2014-11-10 14:27 ` Jozsef Kadlecsik 2014-11-10 16:11 ` Pablo Neira Ayuso 2014-11-10 16:11 ` Pablo Neira Ayuso 2014-11-10 20:59 ` Jozsef Kadlecsik 2014-11-10 21:00 ` Jozsef Kadlecsik 2014-11-11 13:17 ` Pablo Neira Ayuso 2014-11-11 13:17 ` Pablo Neira Ayuso 2014-11-10 22:38 ` Dan Carpenter 2014-11-10 22:38 ` Dan Carpenter
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.