author | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2012-05-04 21:37:28 +0200 |
---|---|---|
committer | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2012-05-04 21:37:28 +0200 |
commit | 7219d88329cabcdd05df9477af6e2dee007b60b1 (patch) | |
tree | 1acd3e29f2bbbce49dc8e2b0e0d8ed18a9f111a3 /kernel/include/linux/netfilter/ipset/ip_set_timeout.h | |
parent | 02cb61dcb7a120b7a5f7a480fd2b43f49e28dafc (diff) |
Fix timeout value overflow bug at large timeout parameters
Large timeout parameters could result in wrong timeout values due to
an overflow in the msec-to-jiffies conversion (reported by Andreas Herz)
Diffstat (limited to 'kernel/include/linux/netfilter/ipset/ip_set_timeout.h')
-rw-r--r-- | kernel/include/linux/netfilter/ipset/ip_set_timeout.h | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/kernel/include/linux/netfilter/ipset/ip_set_timeout.h b/kernel/include/linux/netfilter/ipset/ip_set_timeout.h
index 4792320..9fba34f 100644
--- a/kernel/include/linux/netfilter/ipset/ip_set_timeout.h
+++ b/kernel/include/linux/netfilter/ipset/ip_set_timeout.h
@@ -30,6 +30,10 @@ ip_set_timeout_uget(struct nlattr *tb)
 {
 unsigned int timeout = ip_set_get_h32(tb);
 
+ /* Normalize to fit into jiffies */
+ if (timeout > UINT_MAX/1000)
+ timeout = UINT_MAX/1000;
+
 /* Userspace supplied TIMEOUT parameter: adjust crazy size */
 return timeout == IPSET_NO_TIMEOUT ? IPSET_NO_TIMEOUT - 1 : timeout;
 }
|
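Review bot: The clamp bound `UINT_MAX/1000` in the added check keeps a later multiplication by 1000 from wrapping, but it still admits millisecond values above INT_MAX. If the conversion the commit message refers to is msecs_to_jiffies(), that helper treats an argument with the top bit set as a negative, i.e. infinite, timeout; the call site is outside this hunk, so this needs confirming there. A tighter bound would be `if (timeout > (UINT_MAX >> 1)/MSEC_PER_SEC)` followed by `timeout = (UINT_MAX >> 1)/MSEC_PER_SEC;`, which also replaces the bare 1000 with the named constant. The clamp is silent towards userspace, so the comment above it should state the resulting maximum in seconds rather than only "Normalize to fit into jiffies". The signature of ip_set_timeout_uget() starts above the hunk.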