diff options
| author | Patrick McHardy <kaber@trash.net> | 2014-02-05 06:26:22 -0500 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2014-02-05 11:46:07 -0500 |
| commit | 53b70287ddf487a38b7cbf0a10db28f40714b799 (patch) | |
| tree | 314988aaaead3152a8a558d2e886e83b82626e97 /net | |
| parent | e53376bef2cd97d3e3f61fdc677fb8da7d03d0da (diff) | |
netfilter: nf_tables: fix overrun in nf_tables_set_alloc_name()
The map that is used to allocate anonymous sets is indeed
BITS_PER_BYTE * PAGE_SIZE long.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net')
| -rw-r--r-- | net/netfilter/nf_tables_api.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index 9ce30534f853..2a22a186eb3d 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c | |||
| @@ -1989,13 +1989,13 @@ static int nf_tables_set_alloc_name(struct nft_ctx *ctx, struct nft_set *set, | |||
| 1989 | 1989 | ||
| 1990 | if (!sscanf(i->name, name, &tmp)) | 1990 | if (!sscanf(i->name, name, &tmp)) |
| 1991 | continue; | 1991 | continue; |
| 1992 | if (tmp < 0 || tmp > BITS_PER_LONG * PAGE_SIZE) | 1992 | if (tmp < 0 || tmp >= BITS_PER_BYTE * PAGE_SIZE) |
| 1993 | continue; | 1993 | continue; |
| 1994 | 1994 | ||
| 1995 | set_bit(tmp, inuse); | 1995 | set_bit(tmp, inuse); |
| 1996 | } | 1996 | } |
| 1997 | 1997 | ||
| 1998 | n = find_first_zero_bit(inuse, BITS_PER_LONG * PAGE_SIZE); | 1998 | n = find_first_zero_bit(inuse, BITS_PER_BYTE * PAGE_SIZE); |
| 1999 | free_page((unsigned long)inuse); | 1999 | free_page((unsigned long)inuse); |
| 2000 | } | 2000 | } |
| 2001 | 2001 | ||