From mboxrd@z Thu Jan 1 00:00:00 1970
From: Simon Horman
Subject: Re: [PATCH] ipvs: Add boundary check on ioctl arguments
Date: Tue, 5 Jan 2010 10:25:33 +1100
Message-ID: <20100104232533.GD2554@verge.net.au>
References: <20091229015822.GF10172@verge.net.au> <4B41F453.1090802@trash.net> <4B420A89.2010907@linux.intel.com> <4B420B97.5000302@trash.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: Arjan van de Ven , netdev@vger.kernel.org, lvs-devel@vger.kernel.org, Wensong Zhang , Julian Anastasov , David Miller
To: Patrick McHardy
Return-path:
Content-Disposition: inline
In-Reply-To: <4B420B97.5000302@trash.net>
Sender: lvs-devel-owner@vger.kernel.org
List-Id: netdev.vger.kernel.org

On Mon, Jan 04, 2010 at 04:39:03PM +0100, Patrick McHardy wrote:
> Arjan van de Ven wrote:
> > On 1/4/2010 5:59, Patrick McHardy wrote:
> >
> > [sorry for the late response, just got back from a good holiday, which
> > means no work email access ;-) ]
> >
> >> Simon Horman wrote:
> >
> >>> I agree with Julian's assessment that your patch shouldn't be
> >>> necessary, but on the other hand I think that the checks are
> >>> reasonable. Your original patch made checks of the form of
> >>> "cmd > IP_VS_SO_GET_MAX + 1". I have updated this to
> >>> "cmd > IP_VS_SO_GET_MAX", as suggested by Julian, as the optmax
> >>> elements of struct nf_sockopt_ops set a non-inclusive range.
> >>>
> >>> http://lkml.indiana.edu/hypermail/linux/kernel/0910.0/00852.html
> >>>
> >>> Index: net-next-2.6/net/netfilter/ipvs/ip_vs_ctl.c
> >>
> >> As a bugfix, this seems more appropriate for net-2.6.git. Please let
> >> me know which tree you want me to apply this to.
> >
> > this really ought to go into 2.6.33.....
>
> Thanks, applied and will send it upstream soon.

Thanks
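
The off-by-one discussed in the quoted text, as an added example that is not part of this thread or of the kernel source. It models a registration range whose upper end is exclusive next to the two forms of the upper-bound check. The constants, the lower-bound test, the per-command length table and all function names are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical numbering standing in for the IPVS sockopt commands. */
#define BASE_CTL     1000             /* first valid command            */
#define SO_GET_MAX   (BASE_CTL + 3)   /* last valid command, inclusive  */
#define GET_CMDID(c) ((c) - BASE_CTL) /* command number -> table index  */

/* Assumed per-command argument length table: valid indices are 0..3. */
static const size_t get_arglen[GET_CMDID(SO_GET_MAX) + 1] = { 16, 64, 24, 32 };
#define GET_TABLE_LEN (sizeof(get_arglen) / sizeof(get_arglen[0]))

/* Registration-style range: optmin is inclusive, optmax is NOT. */
static const int get_optmin = BASE_CTL;
static const int get_optmax = SO_GET_MAX + 1;

static int in_registered_range(int cmd)
{
    return cmd >= get_optmin && cmd < get_optmax;
}

/* Updated form of the check: rejects anything above SO_GET_MAX. */
static int check_tight(int cmd)
{
    return (cmd < BASE_CTL || cmd > SO_GET_MAX) ? -EINVAL : 0;
}

/* Original form: "cmd > MAX + 1" still lets MAX + 1 through. */
static int check_loose(int cmd)
{
    return (cmd < BASE_CTL || cmd > SO_GET_MAX + 1) ? -EINVAL : 0;
}

/* True when cmd would index outside get_arglen[]. */
static int index_out_of_bounds(int cmd)
{
    return cmd < BASE_CTL || (size_t)GET_CMDID(cmd) >= GET_TABLE_LEN;
}

/* Look up the expected argument length only after the tight check. */
static long arglen_for(int cmd)
{
    return check_tight(cmd) ? -EINVAL : (long)get_arglen[GET_CMDID(cmd)];
}

int main(void)
{
    int cmd = SO_GET_MAX + 1;  /* first value past the valid range */
    printf("loose=%d tight=%d oob=%d registered=%d\n", check_loose(cmd),
           check_tight(cmd), index_out_of_bounds(cmd), in_registered_range(cmd));
    return 0;
}
```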