tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

netfilter: ipset: Limit max timeout value

Due to the negative value condition in msecs_to_jiffies(), the real
max possible timeout value must be set to (UINT_MAX >> 1)/MSEC_PER_SEC.

Neutron Soutmun proposed the proper fix, but an insufficient one was
applied, see https://patchwork.ozlabs.org/patch/400405/.

Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>

Jozsef Kadlecsik 30a2e107 bd975e69

+10 -8
+6 -4
include/linux/netfilter/ipset/ip_set_timeout.h
··· 23 23 /* Set is defined with timeout support: timeout value may be 0 */ 24 24 #define IPSET_NO_TIMEOUT UINT_MAX 25 25 26 + /* Max timeout value, see msecs_to_jiffies() in jiffies.h */ 27 + #define IPSET_MAX_TIMEOUT (UINT_MAX >> 1)/MSEC_PER_SEC 28 + 26 29 #define ip_set_adt_opt_timeout(opt, set) \ 27 30 ((opt)->ext.timeout != IPSET_NO_TIMEOUT ? (opt)->ext.timeout : (set)->timeout) 28 31 ··· 35 32 unsigned int timeout = ip_set_get_h32(tb); 36 33 37 34 /* Normalize to fit into jiffies */ 38 - if (timeout > UINT_MAX/MSEC_PER_SEC) 39 - timeout = UINT_MAX/MSEC_PER_SEC; 35 + if (timeout > IPSET_MAX_TIMEOUT) 36 + timeout = IPSET_MAX_TIMEOUT; 40 37 41 - /* Userspace supplied TIMEOUT parameter: adjust crazy size */ 42 - return timeout == IPSET_NO_TIMEOUT ? IPSET_NO_TIMEOUT - 1 : timeout; 38 + return timeout; 43 39 } 44 40 45 41 static inline bool
+4 -4
net/netfilter/xt_set.c
··· 372 372 373 373 /* Normalize to fit into jiffies */ 374 374 if (add_opt.ext.timeout != IPSET_NO_TIMEOUT && 375 - add_opt.ext.timeout > UINT_MAX / MSEC_PER_SEC) 376 - add_opt.ext.timeout = UINT_MAX / MSEC_PER_SEC; 375 + add_opt.ext.timeout > IPSET_MAX_TIMEOUT) 376 + add_opt.ext.timeout = IPSET_MAX_TIMEOUT; 377 377 if (info->add_set.index != IPSET_INVALID_ID) 378 378 ip_set_add(info->add_set.index, skb, par, &add_opt); 379 379 if (info->del_set.index != IPSET_INVALID_ID) ··· 407 407 408 408 /* Normalize to fit into jiffies */ 409 409 if (add_opt.ext.timeout != IPSET_NO_TIMEOUT && 410 - add_opt.ext.timeout > UINT_MAX / MSEC_PER_SEC) 411 - add_opt.ext.timeout = UINT_MAX / MSEC_PER_SEC; 410 + add_opt.ext.timeout > IPSET_MAX_TIMEOUT) 411 + add_opt.ext.timeout = IPSET_MAX_TIMEOUT; 412 412 if (info->add_set.index != IPSET_INVALID_ID) 413 413 ip_set_add(info->add_set.index, skb, par, &add_opt); 414 414 if (info->del_set.index != IPSET_INVALID_ID)