Commit 1b05756c48ea07ced9604ef01d11194d936da163
1 parent
94729f8a1e
netfilter: ipset: Fix warn: integer overflows 'sizeof(*map) + size * set->dsize'
Dan Carpenter reported that the static checker emits the warning
net/netfilter/ipset/ip_set_list_set.c:600 init_list_set()
warn: integer overflows 'sizeof(*map) + size * set->dsize'
Limit the maximal number of elements in list type of sets.
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Showing 2 changed files with 4 additions and 1 deletions Side-by-side Diff
include/linux/netfilter/ipset/ip_set_list.h
net/netfilter/ipset/ip_set_list_set.c
| ... | ... | @@ -597,7 +597,9 @@ |
| 597 | 597 | struct set_elem *e; |
| 598 | 598 | u32 i; |
| 599 | 599 | |
| 600 | - map = kzalloc(sizeof(*map) + size * set->dsize, GFP_KERNEL); | |
| 600 | + map = kzalloc(sizeof(*map) + | |
| 601 | + min_t(u32, size, IP_SET_LIST_MAX_SIZE) * set->dsize, | |
| 602 | + GFP_KERNEL); | |
| 601 | 603 | if (!map) |
| 602 | 604 | return false; |
| 603 | 605 |