Eric Dumazet <eric.duma...@gmail.com> wrote: > From: Eric Dumazet <eduma...@google.com> > > syzbot found that we are not validating user input properly > before copying 16 bytes [1]. > Using NLA_BINARY in ipaddr_policy[] for IPv6 address is not correct, > since it ensures at most 16 bytes were provided.
Thanks Eric. Looks like this is the only case in ipset, the other 3
NLA_BINARY users do a
nla_len(tb[IPSET_ATTR_ETHER]) != ETH_ALEN))
before copying.
