From: Florian Westphal <fw@strlen.de>
Date: Wed, 21 Nov 2012 01:37:38 +0000 (+0000)
Subject: netfilter: cttimeout: fix buffer overflow
X-Git-Tag: v3.7-rc7~13^2~4^2
X-Git-Url: http://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e93b5f9f320db431ec8623a4c667811007e07fd7;p=pandora-kernel.git

netfilter: cttimeout: fix buffer overflow

Chen Gang reports:
the length of nla_data(cda[CTA_TIMEOUT_NAME]) is not limited in server side.

And indeed, its used to strcpy to a fixed-sized buffer.

Fortunately, nfnetlink users need CAP_NET_ADMIN.

Reported-by: Chen Gang <gang.chen@asianux.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---

Reading git-diff-tree failed