diff options
author | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2014-08-05 22:02:34 +0200 |
---|---|---|
committer | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2014-08-05 22:02:34 +0200 |
commit | ed28cbc93d124421d2810797d4b6d98f8ab07aae (patch) | |
tree | 4c6d23ddaa78ba96e69d60d4e6750d34d48569e1 | |
parent | cc63c93eb9e27786559bea642edfef91cca831fd (diff) |
Fix warn: integer overflows 'sizeof(*map) + size * set->dsize'
Dan Carpenter reported that the static checker emits the warning
net/netfilter/ipset/ip_set_list_set.c:600 init_list_set()
warn: integer overflows 'sizeof(*map) + size * set->dsize'
Limit the maximal number of elements in list type of sets.
-rw-r--r-- | kernel/include/linux/netfilter/ipset/ip_set_list.h | 1 | ||||
-rw-r--r-- | kernel/net/netfilter/ipset/ip_set_list_set.c | 4 |
2 files changed, 4 insertions, 1 deletions
diff --git a/kernel/include/linux/netfilter/ipset/ip_set_list.h b/kernel/include/linux/netfilter/ipset/ip_set_list.h index 68c2aea..fe2622a 100644 --- a/kernel/include/linux/netfilter/ipset/ip_set_list.h +++ b/kernel/include/linux/netfilter/ipset/ip_set_list.h @@ -6,5 +6,6 @@ #define IP_SET_LIST_DEFAULT_SIZE 8 #define IP_SET_LIST_MIN_SIZE 4 +#define IP_SET_LIST_MAX_SIZE 65536 #endif /* __IP_SET_LIST_H */ diff --git a/kernel/net/netfilter/ipset/ip_set_list_set.c b/kernel/net/netfilter/ipset/ip_set_list_set.c index 3e2317f..f87adba 100644 --- a/kernel/net/netfilter/ipset/ip_set_list_set.c +++ b/kernel/net/netfilter/ipset/ip_set_list_set.c @@ -597,7 +597,9 @@ init_list_set(struct net *net, struct ip_set *set, u32 size) struct set_elem *e; u32 i; - map = kzalloc(sizeof(*map) + size * set->dsize, GFP_KERNEL); + map = kzalloc(sizeof(*map) + + min_t(u32, size, IP_SET_LIST_MAX_SIZE) * set->dsize, + GFP_KERNEL); if (!map) return false; |