summaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorJozsef Kadlecsik <kadlec@blackhole.kfki.hu>2012-05-14 01:47:01 +0000
committerDavid S. Miller <davem@davemloft.net>2012-05-16 15:38:49 -0400
commit26a5d3cc0b3d1ff23b5a94edb58226afe7f12a0c (patch)
tree046834414e20d334fc5172275a53c55d9722a714 /include
parent769b0daf6e18a05a6d4da94baab7edd12867350c (diff)
downloadlinux-26a5d3cc0b3d1ff23b5a94edb58226afe7f12a0c.tar.gz
linux-26a5d3cc0b3d1ff23b5a94edb58226afe7f12a0c.tar.bz2
linux-26a5d3cc0b3d1ff23b5a94edb58226afe7f12a0c.zip
netfilter: ipset: fix hash size checking in kernel
The hash size must fit both into u32 (jhash) and the max value of size_t. The missing checking could lead to kernel crash, bug reported by Seblu. Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include')
-rw-r--r--include/linux/netfilter/ipset/ip_set_ahash.h16
1 files changed, 16 insertions, 0 deletions
diff --git a/include/linux/netfilter/ipset/ip_set_ahash.h b/include/linux/netfilter/ipset/ip_set_ahash.h
index 05a5d72680be..230a290e1973 100644
--- a/include/linux/netfilter/ipset/ip_set_ahash.h
+++ b/include/linux/netfilter/ipset/ip_set_ahash.h
@@ -99,6 +99,22 @@ struct ip_set_hash {
#endif
};
+static size_t
+htable_size(u8 hbits)
+{
+ size_t hsize;
+
+ /* We must fit both into u32 in jhash and size_t */
+ if (hbits > 31)
+ return 0;
+ hsize = jhash_size(hbits);
+ if ((((size_t)-1) - sizeof(struct htable))/sizeof(struct hbucket)
+ < hsize)
+ return 0;
+
+ return hsize * sizeof(struct hbucket) + sizeof(struct htable);
+}
+
/* Compute htable_bits from the user input parameter hashsize */
static u8
htable_bits(u32 hashsize)