author | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2012-05-04 21:37:28 +0200 |
---|---|---|
committer | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2012-05-04 21:37:28 +0200 |
commit | 7219d88329cabcdd05df9477af6e2dee007b60b1 (patch) | |
tree | 1acd3e29f2bbbce49dc8e2b0e0d8ed18a9f111a3 /kernel/net | |
parent | 02cb61dcb7a120b7a5f7a480fd2b43f49e28dafc (diff) |
Fix timeout value overflow bug at large timeout parameters
Large timeout parameters could result in wrong timeout values due to
an overflow in the msec-to-jiffies conversion (reported by Andreas Herz)
Diffstat (limited to 'kernel/net')
-rw-r--r-- | kernel/net/netfilter/xt_set.c | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/kernel/net/netfilter/xt_set.c b/kernel/net/netfilter/xt_set.c
index 0ec8138..e97a31b 100644
--- a/kernel/net/netfilter/xt_set.c
+++ b/kernel/net/netfilter/xt_set.c
@@ -44,6 +44,14 @@ const struct ip_set_adt_opt n = { \
 .cmdflags = cfs, \
 .timeout = t, \
 }
+#define ADT_MOPT(n, f, d, fs, cfs, t) \
+struct ip_set_adt_opt n = { \
+ .family = f, \
+ .dim = d, \
+ .flags = fs, \
+ .cmdflags = cfs, \
+ .timeout = t, \
+}
 /* Revision 0 interface: backward compatible with netfilter/iptables */
@@ -296,11 +304,14 @@ static unsigned int
 set_target_v2(struct sk_buff *skb, const struct xt_action_param *par)
 {
 const struct xt_set_info_target_v2 *info = par->targinfo;
- ADT_OPT(add_opt, par->family, info->add_set.dim,
- info->add_set.flags, info->flags, info->timeout);
+ ADT_MOPT(add_opt, par->family, info->add_set.dim,
+ info->add_set.flags, info->flags, info->timeout);
 ADT_OPT(del_opt, par->family, info->del_set.dim,
 info->del_set.flags, 0, UINT_MAX);
+ /* Normalize to fit into jiffies */
+ if (add_opt.timeout > UINT_MAX/1000)
+ add_opt.timeout = UINT_MAX/1000;
 if (info->add_set.index != IPSET_INVALID_ID)
 ip_set_add(info->add_set.index, skb, par, &add_opt);
 if (info->del_set.index != IPSET_INVALID_ID) |
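Review bot: ADT_MOPT in the first hunk repeats the ADT_OPT initializer field for field and differs only in dropping `const`, and nothing at the definition says why a mutable variant exists. A one-line comment above it, such as `/* Mutable variant of ADT_OPT: the caller adjusts fields (e.g. clamps .timeout) before use */`, would tell the next person who adds a field that both macros must change together. The ADT_OPT definition starts above the hunk, so whether the two could share one initializer body is not visible here.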
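Review bot: The new clamp `if (add_opt.timeout > UINT_MAX/1000)` in set_target_v2 also fires when `info->timeout` is UINT_MAX itself, which is the value the unchanged `del_opt` line passes as its timeout and which ipset defines as the IPSET_NO_TIMEOUT sentinel (outside this diff). A rule configured without a timeout would then presumably stop falling back to the set's default and carry an explicit UINT_MAX/1000 instead. Excluding the sentinel keeps that case intact: `if (add_opt.timeout != IPSET_NO_TIMEOUT && add_opt.timeout > UINT_MAX/MSEC_PER_SEC)`, where `MSEC_PER_SEC` also gives the bare 1000 a name. The comment could state the unit it relies on, e.g. `/* timeout appears to be in seconds; cap it so the msec value fits before the jiffies conversion */`. The body of set_target_v2 continues past the end of the hunk.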