diff options
author | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2012-05-06 22:10:52 +0200 |
---|---|---|
committer | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2012-05-06 22:10:52 +0200 |
commit | 42d118b793e7fd82bde260d6635ac2ae607afdac (patch) | |
tree | ce4f5bbede82821c763274ac4f7cf77b387c4dd7 /kernel/include | |
parent | a9dcf6937ede801effaf64f03470fa838246278b (diff) |
Fix hash size checking in kernel
The hash size must fit both into u32 (jhash) and the max value of
size_t. The missing checking could lead to kernel crash, bug reported
by Seblu.
Diffstat (limited to 'kernel/include')
-rw-r--r-- | kernel/include/linux/netfilter/ipset/ip_set_ahash.h | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/kernel/include/linux/netfilter/ipset/ip_set_ahash.h b/kernel/include/linux/netfilter/ipset/ip_set_ahash.h index 05a5d72..230a290 100644 --- a/kernel/include/linux/netfilter/ipset/ip_set_ahash.h +++ b/kernel/include/linux/netfilter/ipset/ip_set_ahash.h @@ -99,6 +99,22 @@ struct ip_set_hash { #endif }; +static size_t +htable_size(u8 hbits) +{ + size_t hsize; + + /* We must fit both into u32 in jhash and size_t */ + if (hbits > 31) + return 0; + hsize = jhash_size(hbits); + if ((((size_t)-1) - sizeof(struct htable))/sizeof(struct hbucket) + < hsize) + return 0; + + return hsize * sizeof(struct hbucket) + sizeof(struct htable); +} + /* Compute htable_bits from the user input parameter hashsize */ static u8 htable_bits(u32 hashsize) |