www.infradead.org Git - users/jedix/linux-maple.git/commit

author	Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
	Fri, 12 Jan 2018 10:16:50 +0000 (11:16 +0100)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Fri, 21 Dec 2018 13:13:10 +0000 (14:13 +0100)
commit	5515c5bd3f560e89222cce52ea2f71c71687a2e8
tree	0f4cde18e5e04c1b8190d499f166929d7539e769	tree
parent	2a35d21a4d12fe774c46d17831e2938781179c83	commit \| diff

netfilter: ipset: Fix wraparound in hash:*net* types

[ Upstream commit 0b8d9073539e217f79ec1bff65eb205ac796723d ]

Fix wraparound bug which could lead to memory exhaustion when adding an
x.x.x.x-255.255.255.255 range to any hash:*net* types.

Fixes Netfilter's bugzilla id #1212, reported by Thomas Schwark.

Fixes: 48596a8ddc46 ("netfilter: ipset: Fix adding an IPv4 range containing more than 2^31 addresses")
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>

net/netfilter/ipset/ip_set_hash_ipportnet.c		diff \| blob \| history
net/netfilter/ipset/ip_set_hash_net.c		diff \| blob \| history
net/netfilter/ipset/ip_set_hash_netiface.c		diff \| blob \| history
net/netfilter/ipset/ip_set_hash_netnet.c		diff \| blob \| history
net/netfilter/ipset/ip_set_hash_netport.c		diff \| blob \| history
net/netfilter/ipset/ip_set_hash_netportnet.c		diff \| blob \| history