From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Pablo Neira Ayuso Subject: [PATCH 3.18 53/61] netfilter: nfnetlink: relax strict multicast group check from netlink_bind Date: Tue, 27 Jan 2015 17:27:05 -0800 Message-Id: <20150128012642.802820312@linuxfoundation.org> In-Reply-To: <20150128012636.936333725@linuxfoundation.org> References: <20150128012636.936333725@linuxfoundation.org> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org List-ID: 3.18-stable review patch. If anyone has any objections, please let me know. ------------------ From: Pablo Neira Ayuso commit 62924af247e95de7041a6d6f2d06cdd05152e2dc upstream. Relax the checking that was introduced in 97840cb ("netfilter: nfnetlink: fix insufficient validation in nfnetlink_bind") when the subscription bitmask is used. Existing userspace code code may request to listen to all of the existing netlink groups by setting an all to one subscription group bitmask. Netlink already validates subscription via setsockopt() for us. Signed-off-by: Pablo Neira Ayuso Signed-off-by: Greg Kroah-Hartman --- net/netfilter/nfnetlink.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/net/netfilter/nfnetlink.c +++ b/net/netfilter/nfnetlink.c @@ -470,7 +470,7 @@ static int nfnetlink_bind(int group) int type; if (group <= NFNLGRP_NONE || group > NFNLGRP_MAX) - return -EINVAL; + return 0; type = nfnl_group2type[group];