diff options
author | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2012-05-06 22:10:52 +0200 |
---|---|---|
committer | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2012-05-06 22:10:52 +0200 |
commit | 42d118b793e7fd82bde260d6635ac2ae607afdac (patch) | |
tree | ce4f5bbede82821c763274ac4f7cf77b387c4dd7 /kernel/net/netfilter/ipset/ip_set_hash_netport.c | |
parent | a9dcf6937ede801effaf64f03470fa838246278b (diff) |
Fix hash size checking in kernel
The hash size must fit both into u32 (jhash) and the max value of
size_t. The missing checking could lead to kernel crash, bug reported
by Seblu.
Diffstat (limited to 'kernel/net/netfilter/ipset/ip_set_hash_netport.c')
-rw-r--r-- | kernel/net/netfilter/ipset/ip_set_hash_netport.c | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/kernel/net/netfilter/ipset/ip_set_hash_netport.c b/kernel/net/netfilter/ipset/ip_set_hash_netport.c index d7df21c..901fcae 100644 --- a/kernel/net/netfilter/ipset/ip_set_hash_netport.c +++ b/kernel/net/netfilter/ipset/ip_set_hash_netport.c @@ -573,6 +573,7 @@ hash_netport_create(struct ip_set *set, struct nlattr *tb[], u32 flags) struct ip_set_hash *h; u32 hashsize = IPSET_DEFAULT_HASHSIZE, maxelem = IPSET_DEFAULT_MAXELEM; u8 hbits; + size_t hsize; if (!(set->family == NFPROTO_IPV4 || set->family == NFPROTO_IPV6)) return -IPSET_ERR_INVALID_FAMILY; @@ -602,9 +603,12 @@ hash_netport_create(struct ip_set *set, struct nlattr *tb[], u32 flags) h->timeout = IPSET_NO_TIMEOUT; hbits = htable_bits(hashsize); - h->table = ip_set_alloc( - sizeof(struct htable) - + jhash_size(hbits) * sizeof(struct hbucket)); + hsize = htable_size(hbits); + if (hsize == 0) { + kfree(h); + return -ENOMEM; + } + h->table = ip_set_alloc(hsize); if (!h->table) { kfree(h); return -ENOMEM; |