Commit 1b05756c48ea07ced9604ef01d11194d936da163
1 parent
94729f8a1e
netfilter: ipset: Fix warn: integer overflows 'sizeof(*map) + size * set->dsize'
Dan Carpenter reported that the static checker emits the warning net/netfilter/ipset/ip_set_list_set.c:600 init_list_set() warn: integer overflows 'sizeof(*map) + size * set->dsize' Limit the maximal number of elements in list type of sets. Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Showing 2 changed files with 4 additions and 1 deletions Side-by-side Diff
include/linux/netfilter/ipset/ip_set_list.h
net/netfilter/ipset/ip_set_list_set.c
... | ... | @@ -597,7 +597,9 @@ |
597 | 597 | struct set_elem *e; |
598 | 598 | u32 i; |
599 | 599 | |
600 | - map = kzalloc(sizeof(*map) + size * set->dsize, GFP_KERNEL); | |
600 | + map = kzalloc(sizeof(*map) + | |
601 | + min_t(u32, size, IP_SET_LIST_MAX_SIZE) * set->dsize, | |
602 | + GFP_KERNEL); | |
601 | 603 | if (!map) |
602 | 604 | return false; |
603 | 605 |