diff options
| author | Jan Engelhardt <jengelh@inai.de> | 2012-07-28 19:10:08 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2012-07-31 13:32:26 +0200 |
| commit | 9d69da4bdb1d546218d168b72f12ac8aa042e3d8 (patch) | |
| tree | 781a8b8638bcba108c85f18f8b91bc85e11f43f4 /extensions | |
| parent | a19988f2795770ce470562c1795e1cf53e3aa54b (diff) | |
libxt_*limit: avoid division by zero
It was possible to specify -A mychain -m hashlimit --hashlimit
600059/minute; this would convert to r->avg=0, which subsequently
causes a division by zero when printing with -S mychain.
1. Avoid division by zero in print_rate by printing infinity
instead.
2. Rewrite the test in parse_rate to properly reject too high rates.
Signed-off-by: Jan Engelhardt <jengelh@inai.de>
Diffstat (limited to 'extensions')
| -rw-r--r-- | extensions/libxt_hashlimit.c | 17 | ||||
| -rw-r--r-- | extensions/libxt_limit.c | 17 |
2 files changed, 24 insertions, 10 deletions
diff --git a/extensions/libxt_hashlimit.c b/extensions/libxt_hashlimit.c index 37a31489..831345b7 100644 --- a/extensions/libxt_hashlimit.c +++ b/extensions/libxt_hashlimit.c @@ -10,6 +10,7 @@ * * Error corections by nmalykh@bilim.com (22.01.2005) */ +#include <math.h> #include <stdbool.h> #include <stdint.h> #include <stdio.h> @@ -250,12 +251,13 @@ int parse_rate(const char *rate, uint32_t *val, struct hashlimit_mt_udata *ud) if (!r) return 0; - /* This would get mapped to infinite (1/day is minimum they - can specify, so we're ok at that end). */ - if (r / ud->mult > XT_HASHLIMIT_SCALE) - xtables_error(PARAMETER_PROBLEM, "Rate too fast \"%s\"\n", rate); - *val = XT_HASHLIMIT_SCALE * ud->mult / r; + if (*val == 0) + /* + * The rate maps to infinity. (1/day is the minimum they can + * specify, so we are ok at that end). + */ + xtables_error(PARAMETER_PROBLEM, "Rate too fast \"%s\"\n", rate); return 1; } @@ -434,6 +436,11 @@ static uint32_t print_rate(uint32_t period) { unsigned int i; + if (period == 0) { + printf(" %f", INFINITY); + return 0; + } + for (i = 1; i < ARRAY_SIZE(rates); ++i) if (period > rates[i].mult || rates[i].mult/period < rates[i].mult%period) diff --git a/extensions/libxt_limit.c b/extensions/libxt_limit.c index b15b02f2..023500cf 100644 --- a/extensions/libxt_limit.c +++ b/extensions/libxt_limit.c @@ -3,6 +3,7 @@ * Jérôme de Vivie <devivie@info.enserb.u-bordeaux.fr> * Hervé Eychenne <rv@wallfire.org> */ +#include <math.h> #include <stdio.h> #include <string.h> #include <stdlib.h> @@ -64,12 +65,13 @@ int parse_rate(const char *rate, uint32_t *val) if (!r) return 0; - /* This would get mapped to infinite (1/day is minimum they - can specify, so we're ok at that end). */ - if (r / mult > XT_LIMIT_SCALE) - xtables_error(PARAMETER_PROBLEM, "Rate too fast \"%s\"\n", rate); - *val = XT_LIMIT_SCALE * mult / r; + if (*val == 0) + /* + * The rate maps to infinity. (1/day is the minimum they can + * specify, so we are ok at that end). + */ + xtables_error(PARAMETER_PROBLEM, "Rate too fast \"%s\"\n", rate); return 1; } @@ -118,6 +120,11 @@ static void print_rate(uint32_t period) { unsigned int i; + if (period == 0) { + printf(" %f", INFINITY); + return; + } + for (i = 1; i < ARRAY_SIZE(rates); ++i) if (period > rates[i].mult || rates[i].mult/period < rates[i].mult%period) |