This reverts commit
7da29bdecc58a7aa4ba54177170b89368ff04141.
Dropping this SAUCE patch and replacing it by the upstream fix for
CVE-2016-3135:
d157bd761585 "netfilter: x_tables: check for size overflow"
The original fix (being reverted) was modified to keep only the 2nd check.
https://marc.info/?l=netfilter-devel&m=
145778004016206&w=2
Signed-off-by: Luis Henriques <luis.henriques@canonical.com>
Acked-by: Tim Gardner <tim.gardner@canonical.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
struct xt_table_info *info = NULL;
size_t sz = sizeof(*info) + size;
- if (sz < size || sz < sizeof(*info))
- return NULL;
-
/* Pedantry: prevent them from hitting BUG() in vmalloc.c --RR */
if ((SMP_ALIGN(size) >> PAGE_SHIFT) + 2 > totalram_pages)
return NULL;