mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-08-26 02:39:48 +00:00
Code Issues Releases Wiki Activity

netfilter: ipset: Fix warn: integer overflows 'sizeof(*map) + size * set->dsize'

Browse source 
Dan Carpenter reported that the static checker emits the warning

        net/netfilter/ipset/ip_set_list_set.c:600 init_list_set()
        warn: integer overflows 'sizeof(*map) + size * set->dsize'

Limit the maximal number of elements in list type of sets.

Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
This commit is contained in:
Jozsef Kadlecsik 2014-08-05 22:02:34 +02:00
parent 94729f8a1e
commit 1b05756c48
2 changed files with 4 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
include/linux/netfilter/ipset/ip_set_list.h
View file

@ -6,5 +6,6 @@
#define IP_SET_LIST_DEFAULT_SIZE 8
#define IP_SET_LIST_MIN_SIZE 4
#define IP_SET_LIST_MAX_SIZE 65536
#endif /* __IP_SET_LIST_H */

4
net/netfilter/ipset/ip_set_list_set.c
View file

@ -597,7 +597,9 @@ init_list_set(struct net *net, struct ip_set *set, u32 size)
struct set_elem *e;
u32 i;
map = kzalloc(sizeof(*map) + size * set->dsize, GFP_KERNEL);
map = kzalloc(sizeof(*map) +
min_t(u32, size, IP_SET_LIST_MAX_SIZE) * set->dsize,
GFP_KERNEL);
if (!map)
return false;