projects / linux-2.6-microblaze.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: c7d1022) | patch
netfilter: ipset: Limit the maximal range of consecutive elements to add/delete
authorJozsef Kadlecsik <kadlec@netfilter.org>
Wed, 28 Jul 2021 15:01:15 +0000 (17:01 +0200)
committerPablo Neira Ayuso <pablo@netfilter.org>
Wed, 4 Aug 2021 08:41:03 +0000 (10:41 +0200)
commit5f7b51bf09baca8e4f80cbe879536842bafb5f31
treebce22856b41c8a21912bda7a40cd77275f2a54e7tree | snapshot
parentc7d102232649226a69dddd58a4942cf13cff4f7ccommit | diff
netfilter: ipset: Limit the maximal range of consecutive elements to add/delete

The range size of consecutive elements were not limited. Thus one could
define a huge range which may result soft lockup errors due to the long
execution time. Now the range size is limited to 2^20 entries.

Reported-by: Brad Spengler <spender@grsecurity.net>
Signed-off-by: Jozsef Kadlecsik <kadlec@netfilter.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
include/linux/netfilter/ipset/ip_set.h diff | blob | history
net/netfilter/ipset/ip_set_hash_ip.c diff | blob | history
net/netfilter/ipset/ip_set_hash_ipmark.c diff | blob | history
net/netfilter/ipset/ip_set_hash_ipport.c diff | blob | history
net/netfilter/ipset/ip_set_hash_ipportip.c diff | blob | history
net/netfilter/ipset/ip_set_hash_ipportnet.c diff | blob | history
net/netfilter/ipset/ip_set_hash_net.c diff | blob | history
net/netfilter/ipset/ip_set_hash_netiface.c diff | blob | history
net/netfilter/ipset/ip_set_hash_netnet.c diff | blob | history
net/netfilter/ipset/ip_set_hash_netport.c diff | blob | history
net/netfilter/ipset/ip_set_hash_netportnet.c diff | blob | history
MicroBlaze GIT Repository