netfilter: ipset: Limit the maximal range of consecutive elements to add/delete
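diff --git a/net/netfilter/ipset/ip_set_hash_net.c b/net/netfilter/ipset/ip_set_hash_net.c
index c1a11f0..1422739 100644
--- a/net/netfilter/ipset/ip_set_hash_net.c
+++ b/net/netfilter/ipset/ip_set_hash_net.c
@@ -140,7 +140,7 @@ hash_net4_uadt(struct ip_set *set, struct nlattr *tb[],
 ipset_adtfn adtfn = set->variant->adt[adt];
 struct hash_net4_elem e = { .cidr = HOST_MASK };
 struct ip_set_ext ext = IP_SET_INIT_UEXT(set);
- u32 ip = 0, ip_to = 0;
+ u32 ip = 0, ip_to = 0, ipn, n = 0;
 int ret;
 if (tb[IPSET_ATTR_LINENO])
@@ -188,6 +188,15 @@ hash_net4_uadt(struct ip_set *set, struct nlattr *tb[],
 if (ip + UINT_MAX == ip_to)
 return -IPSET_ERR_HASH_RANGE;
 }
+ ipn = ip;
+ do {
+ ipn = ip_set_range_to_cidr(ipn, ip_to, &e.cidr);
+ n++;
+ } while (ipn++ < ip_to);
+
+ if (n > IPSET_MAX_RANGE)
+ return -ERANGE;
+
 if (retried)
 ip = ntohl(h->next.ip);
 do {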
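Review bot: The counting loop added before `if (retried)` passes `&e.cidr` to ip_set_range_to_cidr(), so the pre-pass overwrites the prefix length of the element that is about to be inserted, replacing the `{ .cidr = HOST_MASK }` initial value with that of the last block; the insert loop that follows runs past the end of the hunk, so whether it always recomputes `e.cidr` before use cannot be confirmed from here. A scratch variable keeps the pre-pass free of side effects: `u8 cidr;` and `ipn = ip_set_range_to_cidr(ipn, ip_to, &cidr);`. The bound is also tested only after the whole range has been walked; `if (++n > IPSET_MAX_RANGE) return -ERANGE;` inside the loop would stop at the limit instead. Note that `n` counts CIDR blocks rather than addresses, and a u32 range splits into at most a few dozen aligned blocks, so depending on the value of IPSET_MAX_RANGE (defined outside this file section) the check may never fire in this set type; a short comment stating what quantity is being limited, and why, would make that explicit.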