author | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2012-09-04 17:45:59 +0200 |
---|---|---|
committer | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2012-09-21 21:51:34 +0200 |
commit | b9fed748185a96b7cfe74afac4bd228e8af16f01 (patch) | |
tree | 6186be239aee023c11897c2bbde070d32fee0abe /net/netfilter/ipset/ip_set_hash_ipportip.c | |
parent | 6e27c9b4ee8f348770be5751e6a845ff52a31e19 (diff) | |
netfilter: ipset: Check and reject crazy /0 input parameters
bitmap:ip and bitmap:ip,mac type did not reject such a crazy range
when created and using such a set results in a kernel crash.
The hash types just silently ignored such parameters.
Reject invalid /0 input parameters explicitly.
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Diffstat (limited to 'net/netfilter/ipset/ip_set_hash_ipportip.c')
-rw-r--r-- | net/netfilter/ipset/ip_set_hash_ipportip.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/net/netfilter/ipset/ip_set_hash_ipportip.c b/net/netfilter/ipset/ip_set_hash_ipportip.c
index c864bf4..ac09bec 100644
--- a/net/netfilter/ipset/ip_set_hash_ipportip.c
+++ b/net/netfilter/ipset/ip_set_hash_ipportip.c
@@ -225,7 +225,7 @@ hash_ipportip4_uadt(struct ip_set *set, struct nlattr *tb[],
 } else if (tb[IPSET_ATTR_CIDR]) {
 u8 cidr = nla_get_u8(tb[IPSET_ATTR_CIDR]);
- if (cidr > 32)
+ if (!cidr || cidr > 32)
 return -IPSET_ERR_INVALID_CIDR;
 ip_set_mask_from_to(ip, ip_to, cidr);
 } else |
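Review bot: The new `!cidr` guard covers only the `IPSET_ATTR_CIDR` branch, and the branch before `} else if (tb[IPSET_ATTR_CIDR])` starts outside this hunk. It is therefore not visible whether an explicit from-to range of the same width is bounded too, which is worth confirming given the commit message says the equivalent input crashed the bitmap types. The literal `32` could be replaced by the file's host prefix length constant, if one is defined (not visible here). I would also add a comment above the check so the zero case is not later simplified away: `/* cidr == 0 would select the whole IPv4 space; reject it rather than expand it */`. The body of hash_ipportip4_uadt continues on both sides of the hunk.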