From mboxrd@z Thu Jan 1 00:00:00 1970
From: David Miller
Subject: Re: [PATCH net] net: sched: act_ipt: check for underflow in __tcf_ipt_init()
Date: Mon, 01 Oct 2018 22:34:28 -0700 (PDT)
Message-ID: <20181001.223428.810557942317894005.davem@davemloft.net>
References: <20180922134648.GA7027@mwanda>
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Cc: jhs@mojatatu.com, kaber@trash.net, xiyou.wangcong@gmail.com, jiri@resnulli.us, netdev@vger.kernel.org, kernel-janitors@vger.kernel.org
To: dan.carpenter@oracle.com
Return-path:
Received: from shards.monkeyblade.net ([23.128.96.9]:37420 "EHLO shards.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726305AbeJBMPw (ORCPT ); Tue, 2 Oct 2018 08:15:52 -0400
In-Reply-To: <20180922134648.GA7027@mwanda>
Sender: netdev-owner@vger.kernel.org
List-ID:

From: Dan Carpenter
Date: Sat, 22 Sep 2018 16:46:48 +0300

> If "td->u.target_size" is larger than sizeof(struct xt_entry_target) we
> return -EINVAL. But we don't check whether it's smaller than
> sizeof(struct xt_entry_target) and that could lead to an out of bounds
> read.
>
> Fixes: 7ba699c604ab ("[NET_SCHED]: Convert actions from rtnetlink to new netlink API")
> Signed-off-by: Dan Carpenter

Applied.
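
The missing lower bound described in the quoted commit message, modelled in user space as an added example (this is not the kernel's code or the patch under discussion). `struct demo_target`, `check_upper_only`, `check_both_bounds` and `payload_len_unchecked` are hypothetical names, and the 32-byte header layout is an assumption.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a target header that declares its own size. */
struct demo_target {
    uint16_t target_size;      /* sender-controlled: header + payload */
    char name[30];
    unsigned char data[];      /* payload follows the 32-byte header */
};

/* Upper bound only: oversize is rejected, a size below the header size passes. */
int check_upper_only(const void *attr, size_t attr_len)
{
    uint16_t sz;
    if (attr_len < sizeof(sz))
        return -EINVAL;
    memcpy(&sz, attr, sizeof(sz));
    return sz > attr_len ? -EINVAL : 0;
}

/* Both bounds: the declared size must cover the header and fit the attribute. */
int check_both_bounds(const void *attr, size_t attr_len)
{
    uint16_t sz;
    if (attr_len < sizeof(struct demo_target))
        return -EINVAL;
    memcpy(&sz, attr, sizeof(sz));
    if (sz < sizeof(struct demo_target) || sz > attr_len)
        return -EINVAL;
    return 0;
}

/* What a consumer computes if it trusts the declared size: wraps when sz < 32. */
size_t payload_len_unchecked(uint16_t sz)
{
    return (size_t)sz - sizeof(struct demo_target);
}

int main(void)
{
    unsigned char attr[64] = {0};   /* constructed sample attribute */
    uint16_t sz = 4;                /* declared size below the header size */
    memcpy(attr, &sz, sizeof(sz));
    printf("upper-only=%d both=%d payload_len=%zu\n", check_upper_only(attr, sizeof(attr)),
           check_both_bounds(attr, sizeof(attr)), payload_len_unchecked(sz));
    return 0;
}
```

With a declared size of 4, the upper-bound-only check accepts the attribute and the derived payload length wraps to a value far larger than the buffer, while the two-sided check rejects it.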