diff options
author | Florian Westphal <fw@strlen.de> | 2012-11-20 20:37:38 -0500 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2012-11-21 17:50:14 -0500 |
commit | e93b5f9f320db431ec8623a4c667811007e07fd7 (patch) | |
tree | 803a3d7270e04f520474ecec895f8e7f5f05644c /net/ipv4/route.c | |
parent | 4fe198e6b136c516df493ec325ab8f70d470f477 (diff) |
netfilter: cttimeout: fix buffer overflow
Chen Gang reports:
the length of nla_data(cda[CTA_TIMEOUT_NAME]) is not limited in server side.
And indeed, its used to strcpy to a fixed-sized buffer.
Fortunately, nfnetlink users need CAP_NET_ADMIN.
Reported-by: Chen Gang <gang.chen@asianux.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/ipv4/route.c')
0 files changed, 0 insertions, 0 deletions