summaryrefslogtreecommitdiffstats
path: root/kernel/include
diff options
context:
space:
mode:
authorJozsef Kadlecsik <kadlec@blackhole.kfki.hu>2012-05-06 22:10:52 +0200
committerJozsef Kadlecsik <kadlec@blackhole.kfki.hu>2012-05-06 22:10:52 +0200
commit42d118b793e7fd82bde260d6635ac2ae607afdac (patch)
treece4f5bbede82821c763274ac4f7cf77b387c4dd7 /kernel/include
parenta9dcf6937ede801effaf64f03470fa838246278b (diff)
Fix hash size checking in kernel
The hash size must fit both into u32 (jhash) and the max value of size_t. The missing checking could lead to kernel crash, bug reported by Seblu.
Diffstat (limited to 'kernel/include')
-rw-r--r--kernel/include/linux/netfilter/ipset/ip_set_ahash.h16
1 files changed, 16 insertions, 0 deletions
diff --git a/kernel/include/linux/netfilter/ipset/ip_set_ahash.h b/kernel/include/linux/netfilter/ipset/ip_set_ahash.h
index 05a5d72..230a290 100644
--- a/kernel/include/linux/netfilter/ipset/ip_set_ahash.h
+++ b/kernel/include/linux/netfilter/ipset/ip_set_ahash.h
@@ -99,6 +99,22 @@ struct ip_set_hash {
#endif
};
+static size_t
+htable_size(u8 hbits)
+{
+ size_t hsize;
+
+ /* We must fit both into u32 in jhash and size_t */
+ if (hbits > 31)
+ return 0;
+ hsize = jhash_size(hbits);
+ if ((((size_t)-1) - sizeof(struct htable))/sizeof(struct hbucket)
+ < hsize)
+ return 0;
+
+ return hsize * sizeof(struct hbucket) + sizeof(struct htable);
+}
+
/* Compute htable_bits from the user input parameter hashsize */
static u8
htable_bits(u32 hashsize)