diff options
author | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2012-09-04 17:45:59 +0200 |
---|---|---|
committer | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2012-09-10 21:08:13 +0200 |
commit | a1cbbc8f86a8ef955708d48f20f8ca021a0a7641 (patch) | |
tree | 9b24627f30ca20a42e81fec8e77cd1b8ee3ed346 /kernel/net/netfilter/ipset/ip_set_bitmap_ipmac.c | |
parent | d1e9a7a4a187a19af9a3c2d3089f0dfabc42b61e (diff) |
Check and reject crazy /0 input parameters
bitmap:ip and bitmap:ip,mac type did not reject such a crazy range
when created and using such a set results in a kernel crash.
The hash types just silently ignored such parameters.
Reject invalid /0 input parameters explicitely.
Diffstat (limited to 'kernel/net/netfilter/ipset/ip_set_bitmap_ipmac.c')
-rw-r--r-- | kernel/net/netfilter/ipset/ip_set_bitmap_ipmac.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/kernel/net/netfilter/ipset/ip_set_bitmap_ipmac.c b/kernel/net/netfilter/ipset/ip_set_bitmap_ipmac.c index 637c834..0fadfe9 100644 --- a/kernel/net/netfilter/ipset/ip_set_bitmap_ipmac.c +++ b/kernel/net/netfilter/ipset/ip_set_bitmap_ipmac.c @@ -566,7 +566,8 @@ static int bitmap_ipmac_create(struct ip_set *set, struct nlattr *tb[], u32 flags) { - u32 first_ip, last_ip, elements; + u32 first_ip, last_ip; + u64 elements; struct bitmap_ipmac *map; int ret; @@ -597,7 +598,7 @@ bitmap_ipmac_create(struct ip_set *set, struct nlattr *tb[], } else return -IPSET_ERR_PROTOCOL; - elements = last_ip - first_ip + 1; + elements = (u64)last_ip - first_ip + 1; if (elements > IPSET_BITMAP_MAX_RANGE + 1) return -IPSET_ERR_BITMAP_RANGE_SIZE; |