summaryrefslogtreecommitdiffstats
path: root/kernel/net/netfilter/ipset/ip_set_list_set.c
diff options
context:
space:
mode:
authorJozsef Kadlecsik <kadlec@blackhole.kfki.hu>2014-08-05 22:02:34 +0200
committerJozsef Kadlecsik <kadlec@blackhole.kfki.hu>2014-08-05 22:02:34 +0200
commited28cbc93d124421d2810797d4b6d98f8ab07aae (patch)
tree4c6d23ddaa78ba96e69d60d4e6750d34d48569e1 /kernel/net/netfilter/ipset/ip_set_list_set.c
parentcc63c93eb9e27786559bea642edfef91cca831fd (diff)
Fix warn: integer overflows 'sizeof(*map) + size * set->dsize'
Dan Carpenter reported that the static checker emits the warning net/netfilter/ipset/ip_set_list_set.c:600 init_list_set() warn: integer overflows 'sizeof(*map) + size * set->dsize' Limit the maximal number of elements in list type of sets.
Diffstat (limited to 'kernel/net/netfilter/ipset/ip_set_list_set.c')
-rw-r--r--kernel/net/netfilter/ipset/ip_set_list_set.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/kernel/net/netfilter/ipset/ip_set_list_set.c b/kernel/net/netfilter/ipset/ip_set_list_set.c
index 3e2317f..f87adba 100644
--- a/kernel/net/netfilter/ipset/ip_set_list_set.c
+++ b/kernel/net/netfilter/ipset/ip_set_list_set.c
@@ -597,7 +597,9 @@ init_list_set(struct net *net, struct ip_set *set, u32 size)
struct set_elem *e;
u32 i;
- map = kzalloc(sizeof(*map) + size * set->dsize, GFP_KERNEL);
+ map = kzalloc(sizeof(*map) +
+ min_t(u32, size, IP_SET_LIST_MAX_SIZE) * set->dsize,
+ GFP_KERNEL);
if (!map)
return false;