authorJozsef Kadlecsik <kadlec@blackhole.kfki.hu>2018-06-01 20:59:14 +0200
committerJozsef Kadlecsik <kadlec@blackhole.kfki.hu>2018-06-01 20:59:14 +0200
commitcef553009b5181ae3c9f465c0e300ec8c8b37fbd (patch)
treed29251244ca4ff0d8a737c474971c90e87c3e2a8 /kernel/net/netfilter/xt_set.c
parent8b140bd12daffd6b3c6e50af9c55f8a601900664 (diff)
Limit max timeout value to (UINT_MAX >> 1)/MSEC_PER_SEC
Due to the negative value condition in msecs_to_jiffies(), the real max possible timeout value must be set to (UINT_MAX >> 1)/MSEC_PER_SEC. Neutron Soutmun proposed the proper fix, but an insufficient one was applied, see https://patchwork.ozlabs.org/patch/400405/.
Diffstat (limited to 'kernel/net/netfilter/xt_set.c')
-rw-r--r--kernel/net/netfilter/xt_set.c8
1 files changed, 4 insertions, 4 deletions
diff --git a/kernel/net/netfilter/xt_set.c b/kernel/net/netfilter/xt_set.c
index f10c6de..43e54ef 100644
--- a/kernel/net/netfilter/xt_set.c
+++ b/kernel/net/netfilter/xt_set.c
@@ -407,8 +407,8 @@ set_target_v2(struct sk_buff *skb, const struct xt_action_param *par)
/* Normalize to fit into jiffies */
if (add_opt.ext.timeout != IPSET_NO_TIMEOUT &&
- add_opt.ext.timeout > UINT_MAX / MSEC_PER_SEC)
- add_opt.ext.timeout = UINT_MAX / MSEC_PER_SEC;
+ add_opt.ext.timeout > IPSET_MAX_TIMEOUT)
+ add_opt.ext.timeout = IPSET_MAX_TIMEOUT;
if (info->add_set.index != IPSET_INVALID_ID)
ip_set_add(info->add_set.index, skb, CAST_TO_MATCH par,
&add_opt);
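Review bot: The comment `/* Normalize to fit into jiffies */` above the clamp in set_target_v2 does not say why the bound is IPSET_MAX_TIMEOUT, whose definition is outside this file's diff. Per the commit message the limit is (UINT_MAX >> 1)/MSEC_PER_SEC because of the negative-value condition in msecs_to_jiffies(), so I would reword the comment to `/* Clamp to IPSET_MAX_TIMEOUT: larger values hit the negative-value check in msecs_to_jiffies() */`. The same applies to the identical block in set_target_v3. Because the two clamps are verbatim copies, a small static helper taking `&add_opt` would keep the bound in one place. Both function bodies start and end outside the hunks, so whether the timeout is also range-checked earlier cannot be seen from here.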
@@ -444,8 +444,8 @@ set_target_v3(struct sk_buff *skb, const struct xt_action_param *par)
/* Normalize to fit into jiffies */
if (add_opt.ext.timeout != IPSET_NO_TIMEOUT &&
- add_opt.ext.timeout > UINT_MAX / MSEC_PER_SEC)
- add_opt.ext.timeout = UINT_MAX / MSEC_PER_SEC;
+ add_opt.ext.timeout > IPSET_MAX_TIMEOUT)
+ add_opt.ext.timeout = IPSET_MAX_TIMEOUT;
if (info->add_set.index != IPSET_INVALID_ID)
ip_set_add(info->add_set.index, skb, CAST_TO_MATCH par,
&add_opt);