netfilter: ipset: off by one in ip_set_nfnl_get_byindex()
The ->ip_set_list[] array is initialized in ip_set_net_init() and it has ->ip_set_max elements so this check should be >= instead of > otherwise we are off by one. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Acked-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
parent
e37ad9fd63
commit
0f9f5e1b83
@ -659,7 +659,7 @@ ip_set_nfnl_get_byindex(struct net *net, ip_set_id_t index)
|
||||
struct ip_set *set;
|
||||
struct ip_set_net *inst = ip_set_pernet(net);
|
||||
|
||||
if (index > inst->ip_set_max)
|
||||
if (index >= inst->ip_set_max)
|
||||
return IPSET_INVALID_ID;
|
||||
|
||||
nfnl_lock(NFNL_SUBSYS_IPSET);
|
||||
|
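Review bot: The corrected bound `index >= inst->ip_set_max` is still evaluated before `nfnl_lock(NFNL_SUBSYS_IPSET)` is taken, so `ip_set_max` is read without the lock that the rest of the function relies on. Whether that matters depends on whether `ip_set_max` and the backing array can be resized concurrently, which this hunk does not show. If they can, either move the check below the lock or record why the unlocked read is safe, for example `/* valid ids are 0 .. ip_set_max - 1; ip_set_max only grows, so a stale read cannot admit an out-of-range index */`. Any other comparison against `ip_set_max` in the file that uses `>` would have the same one-past-the-end read and is worth checking in the same pass. The function body continues past the end of this hunk.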