diff options
author | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2012-05-14 01:47:01 +0000 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2012-05-16 15:38:49 -0400 |
commit | 26a5d3cc0b3d1ff23b5a94edb58226afe7f12a0c (patch) | |
tree | 046834414e20d334fc5172275a53c55d9722a714 /include | |
parent | 769b0daf6e18a05a6d4da94baab7edd12867350c (diff) | |
download | linux-26a5d3cc0b3d1ff23b5a94edb58226afe7f12a0c.tar.gz linux-26a5d3cc0b3d1ff23b5a94edb58226afe7f12a0c.tar.bz2 linux-26a5d3cc0b3d1ff23b5a94edb58226afe7f12a0c.zip |
netfilter: ipset: fix hash size checking in kernel
The hash size must fit both into u32 (jhash) and the max value of
size_t. The missing checking could lead to kernel crash, bug reported
by Seblu.
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include')
-rw-r--r-- | include/linux/netfilter/ipset/ip_set_ahash.h | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/include/linux/netfilter/ipset/ip_set_ahash.h b/include/linux/netfilter/ipset/ip_set_ahash.h index 05a5d72680be..230a290e1973 100644 --- a/include/linux/netfilter/ipset/ip_set_ahash.h +++ b/include/linux/netfilter/ipset/ip_set_ahash.h @@ -99,6 +99,22 @@ struct ip_set_hash { #endif }; +static size_t +htable_size(u8 hbits) +{ + size_t hsize; + + /* We must fit both into u32 in jhash and size_t */ + if (hbits > 31) + return 0; + hsize = jhash_size(hbits); + if ((((size_t)-1) - sizeof(struct htable))/sizeof(struct hbucket) + < hsize) + return 0; + + return hsize * sizeof(struct hbucket) + sizeof(struct htable); +} + /* Compute htable_bits from the user input parameter hashsize */ static u8 htable_bits(u32 hashsize) |