From 15932461c91e8aedf54e885d429b954b439605d2 Mon Sep 17 00:00:00 2001
From: Jozsef Kadlecsik <kadlec@netfilter.org>
Date: Wed, 14 Jul 2021 12:37:07 +0200
Subject: Limit the maximal range of consecutive elements to add/delete

The range size of consecutive elements were not limited. Thus one
could define a huge range which may result soft lockup errors due
to the long execution time. Now the range size is limited to 2^20
entries. Reported by Brad Spengler.

Signed-off-by: Jozsef Kadlecsik <kadlec@netfilter.org>
---
 lib/errcode.c | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'lib')

diff --git a/lib/errcode.c b/lib/errcode.c
index b38f95e..76bab74 100644
--- a/lib/errcode.c
+++ b/lib/errcode.c
@@ -25,6 +25,8 @@ static const struct ipset_errcode_table core_errcode_table[] = {
 	  "The set with the given name does not exist" },
 	{ EMSGSIZE, 0,
 	  "Kernel error received: message could not be created" },
+	{ ERANGE, 0,
+	  "The specified range is too large, split it up into smaller ranges" },
 	{ IPSET_ERR_PROTOCOL,  0,
 	  "Kernel error received: ipset protocol error" },
 
-- 
cgit v1.2.3