Skip to content
Commit 32c72165 authored by Kadlecsik József's avatar Kadlecsik József Committed by Pablo Neira Ayuso
Browse files

netfilter: ipset: use bitmap infrastructure completely 



The bitmap allocation did not use full unsigned long sizes
when calculating the required size and that was triggered by KASAN
as slab-out-of-bounds read in several places. The patch fixes all
of them.

Reported-by: default avatar <syzbot+fabca5cbf5e54f3fe2de@syzkaller.appspotmail.com>
Reported-by: default avatar <syzbot+827ced406c9a1d9570ed@syzkaller.appspotmail.com>
Reported-by: default avatar <syzbot+190d63957b22ef673ea5@syzkaller.appspotmail.com>
Reported-by: default avatar <syzbot+dfccdb2bdb4a12ad425e@syzkaller.appspotmail.com>
Reported-by: default avatar <syzbot+df0d0f5895ef1f41a65b@syzkaller.appspotmail.com>
Reported-by: default avatar <syzbot+b08bd19bb37513357fd4@syzkaller.appspotmail.com>
Reported-by: default avatar <syzbot+53cdd0ec0bbabd53370a@syzkaller.appspotmail.com>
Signed-off-by: default avatarJozsef Kadlecsik <kadlec@netfilter.org>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent 7eaecf79
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment