From a63d02aeb7d00a2546c8bfc966b415704979b043 Mon Sep 17 00:00:00 2001
From: Jozsef Kadlecsik <kadlec@netfilter.org>
Date: Fri, 16 Jul 2021 14:36:45 +0200
Subject: Limit the maximal range of consecutive elements to add/delete fix

Avoid possible number overflows when calculating the number of
consecutive elements. Also, compute properly the consecutive
elements in the case of hash:net* types.

Signed-off-by: Jozsef Kadlecsik <kadlec@netfilter.org>
---
 kernel/net/netfilter/ipset/ip_set_hash_ipportip.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'kernel/net/netfilter/ipset/ip_set_hash_ipportip.c')

diff --git a/kernel/net/netfilter/ipset/ip_set_hash_ipportip.c b/kernel/net/netfilter/ipset/ip_set_hash_ipportip.c
index 0728b38..0be8f53 100644
--- a/kernel/net/netfilter/ipset/ip_set_hash_ipportip.c
+++ b/kernel/net/netfilter/ipset/ip_set_hash_ipportip.c
@@ -181,7 +181,7 @@ hash_ipportip4_uadt(struct ip_set *set, struct nlattr *tb[],
 			swap(port, port_to);
 	}
 
-	if ((ip_to - ip + 1)*(port_to - port + 1) > IPSET_MAX_RANGE)
+	if (((u64)ip_to - ip + 1)*(port_to - port + 1) > IPSET_MAX_RANGE)
 		return -ERANGE;
 
 	if (retried)
-- 
cgit v1.2.3