Skip to content
Commit 1a38956c authored by Dmitry Vyukov's avatar Dmitry Vyukov Committed by Pablo Neira Ayuso
Browse files

netfilter: ipt_CLUSTERIP: fix out-of-bounds accesses in clusterip_tg_check() 



Commit 136e92bb switched local_nodes from an array to a bitmask
but did not add proper bounds checks. As the result
clusterip_config_init_nodelist() can both over-read
ipt_clusterip_tgt_info.local_nodes and over-write
clusterip_config.local_nodes.

Add bounds checks for both.

Fixes: 136e92bb ("[NETFILTER] CLUSTERIP: use a bitmap to store node responsibility data")
Signed-off-by: default avatarDmitry Vyukov <dvyukov@google.com>
Reported-by: default avatarsyzbot <syzkaller@googlegroups.com>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent 1e98ffea
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment