Revert "UBUNTU: SAUCE: (noup) netfilter: x_tables: check for size overflow"

This reverts commit 7da29bdecc58a7aa4ba54177170b89368ff04141.

Dropping this SAUCE patch and replacing it by the upstream fix for
CVE-2016-3135:

  d157bd761585 "netfilter: x_tables: check for size overflow"

The original fix (being reverted) was modified to keep only the 2nd check.

https://marc.info/?l=netfilter-devel&m=145778004016206&w=2

Signed-off-by: Luis Henriques <luis.henriques@canonical.com>
Acked-by: Tim Gardner <tim.gardner@canonical.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>

diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c
index c30aa9675a02c3010e4dd3884c88e60b356f2706..2e94272f7f858c576f17d4a2b4952a5b02e52d95 100644 (file)
--- a/net/netfilter/x_tables.c
+++ b/net/netfilter/x_tables.c
@@ -898,9 +898,6 @@ struct xt_table_info *xt_alloc_table_info(unsigned int size)
        struct xt_table_info *info = NULL;
        size_t sz = sizeof(*info) + size;
 
-       if (sz < size || sz < sizeof(*info))
-               return NULL;
-
        /* Pedantry: prevent them from hitting BUG() in vmalloc.c --RR */
        if ((SMP_ALIGN(size) >> PAGE_SHIFT) + 2 > totalram_pages)
                return NULL;