	netfilter: ipset: Check and reject crazy /0 input parameters
The bitmap:ip and bitmap:ip,mac types did not reject such a crazy range at creation, and using such a set results in a kernel crash. The hash types just silently ignored such parameters. Reject invalid /0 input parameters explicitly. Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
							parent
							
								
									6e27c9b4ee
								
							
						
					
					
						commit
						b9fed74818
					
				| @ -284,7 +284,7 @@ bitmap_ip_uadt(struct ip_set *set, struct nlattr *tb[], | |||||||
| 	} else if (tb[IPSET_ATTR_CIDR]) { | 	} else if (tb[IPSET_ATTR_CIDR]) { | ||||||
| 		u8 cidr = nla_get_u8(tb[IPSET_ATTR_CIDR]); | 		u8 cidr = nla_get_u8(tb[IPSET_ATTR_CIDR]); | ||||||
| 
 | 
 | ||||||
| 		if (cidr > 32) | 		if (!cidr || cidr > 32) | ||||||
| 			return -IPSET_ERR_INVALID_CIDR; | 			return -IPSET_ERR_INVALID_CIDR; | ||||||
| 		ip_set_mask_from_to(ip, ip_to, cidr); | 		ip_set_mask_from_to(ip, ip_to, cidr); | ||||||
| 	} else | 	} else | ||||||
| @ -454,7 +454,8 @@ static int | |||||||
| bitmap_ip_create(struct ip_set *set, struct nlattr *tb[], u32 flags) | bitmap_ip_create(struct ip_set *set, struct nlattr *tb[], u32 flags) | ||||||
| { | { | ||||||
| 	struct bitmap_ip *map; | 	struct bitmap_ip *map; | ||||||
| 	u32 first_ip, last_ip, hosts, elements; | 	u32 first_ip, last_ip, hosts; | ||||||
|  | 	u64 elements; | ||||||
| 	u8 netmask = 32; | 	u8 netmask = 32; | ||||||
| 	int ret; | 	int ret; | ||||||
| 
 | 
 | ||||||
| @ -497,7 +498,7 @@ bitmap_ip_create(struct ip_set *set, struct nlattr *tb[], u32 flags) | |||||||
| 
 | 
 | ||||||
| 	if (netmask == 32) { | 	if (netmask == 32) { | ||||||
| 		hosts = 1; | 		hosts = 1; | ||||||
| 		elements = last_ip - first_ip + 1; | 		elements = (u64)last_ip - first_ip + 1; | ||||||
| 	} else { | 	} else { | ||||||
| 		u8 mask_bits; | 		u8 mask_bits; | ||||||
| 		u32 mask; | 		u32 mask; | ||||||
| @ -515,7 +516,8 @@ bitmap_ip_create(struct ip_set *set, struct nlattr *tb[], u32 flags) | |||||||
| 	if (elements > IPSET_BITMAP_MAX_RANGE + 1) | 	if (elements > IPSET_BITMAP_MAX_RANGE + 1) | ||||||
| 		return -IPSET_ERR_BITMAP_RANGE_SIZE; | 		return -IPSET_ERR_BITMAP_RANGE_SIZE; | ||||||
| 
 | 
 | ||||||
| 	pr_debug("hosts %u, elements %u\n", hosts, elements); | 	pr_debug("hosts %u, elements %llu\n", | ||||||
|  | 		 hosts, (unsigned long long)elements); | ||||||
| 
 | 
 | ||||||
| 	map = kzalloc(sizeof(*map), GFP_KERNEL); | 	map = kzalloc(sizeof(*map), GFP_KERNEL); | ||||||
| 	if (!map) | 	if (!map) | ||||||
|  | |||||||
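Review bot: The widening of `elements` to `u64` in bitmap_ip_create carries no comment saying why, and the reason is not obvious from the declaration. For a set covering the whole address space `last_ip - first_ip + 1` is 2^32, which wraps to 0 in `u32` and then passes the `elements > IPSET_BITMAP_MAX_RANGE + 1` check. I would add above the assignment `/* u64: a full 0.0.0.0-255.255.255.255 range has 2^32 elements; in u32 that wraps to 0 and slips past the range check below */`. The same comment belongs on the identical assignment in bitmap_ipmac_create. The `else` branch that derives `elements` from the netmask continues outside the hunk, so its arithmetic cannot be judged from here.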
| @ -557,7 +557,8 @@ static int | |||||||
| bitmap_ipmac_create(struct ip_set *set, struct nlattr *tb[], | bitmap_ipmac_create(struct ip_set *set, struct nlattr *tb[], | ||||||
| 		    u32 flags) | 		    u32 flags) | ||||||
| { | { | ||||||
| 	u32 first_ip, last_ip, elements; | 	u32 first_ip, last_ip; | ||||||
|  | 	u64 elements; | ||||||
| 	struct bitmap_ipmac *map; | 	struct bitmap_ipmac *map; | ||||||
| 	int ret; | 	int ret; | ||||||
| 
 | 
 | ||||||
| @ -588,7 +589,7 @@ bitmap_ipmac_create(struct ip_set *set, struct nlattr *tb[], | |||||||
| 	} else | 	} else | ||||||
| 		return -IPSET_ERR_PROTOCOL; | 		return -IPSET_ERR_PROTOCOL; | ||||||
| 
 | 
 | ||||||
| 	elements = last_ip - first_ip + 1; | 	elements = (u64)last_ip - first_ip + 1; | ||||||
| 
 | 
 | ||||||
| 	if (elements > IPSET_BITMAP_MAX_RANGE + 1) | 	if (elements > IPSET_BITMAP_MAX_RANGE + 1) | ||||||
| 		return -IPSET_ERR_BITMAP_RANGE_SIZE; | 		return -IPSET_ERR_BITMAP_RANGE_SIZE; | ||||||
|  | |||||||
| @ -179,7 +179,7 @@ hash_ip4_uadt(struct ip_set *set, struct nlattr *tb[], | |||||||
| 	} else if (tb[IPSET_ATTR_CIDR]) { | 	} else if (tb[IPSET_ATTR_CIDR]) { | ||||||
| 		u8 cidr = nla_get_u8(tb[IPSET_ATTR_CIDR]); | 		u8 cidr = nla_get_u8(tb[IPSET_ATTR_CIDR]); | ||||||
| 
 | 
 | ||||||
| 		if (cidr > 32) | 		if (!cidr || cidr > 32) | ||||||
| 			return -IPSET_ERR_INVALID_CIDR; | 			return -IPSET_ERR_INVALID_CIDR; | ||||||
| 		ip_set_mask_from_to(ip, ip_to, cidr); | 		ip_set_mask_from_to(ip, ip_to, cidr); | ||||||
| 	} else | 	} else | ||||||
|  | |||||||
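Review bot: The `!cidr` test in hash_ip4_uadt closes only the prefix form of a whole-address-space request. The branch that precedes this `else if` lies outside the hunk; if it accepts an explicit end address (presumably IPSET_ATTR_IP_TO), the same 0.0.0.0-255.255.255.255 span may still reach the code after the hunk, so it is worth confirming that path is bounded as well. A one-line comment at the check, `/* /0 would span the whole IPv4 space; refuse it instead of silently ignoring it */`, would also record the intent. The same applies to the identical hunks in hash_ipport4_uadt, hash_ipportip4_uadt and hash_ipportnet4_uadt, and to bitmap_ip_uadt.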
| @ -217,7 +217,7 @@ hash_ipport4_uadt(struct ip_set *set, struct nlattr *tb[], | |||||||
| 	} else if (tb[IPSET_ATTR_CIDR]) { | 	} else if (tb[IPSET_ATTR_CIDR]) { | ||||||
| 		u8 cidr = nla_get_u8(tb[IPSET_ATTR_CIDR]); | 		u8 cidr = nla_get_u8(tb[IPSET_ATTR_CIDR]); | ||||||
| 
 | 
 | ||||||
| 		if (cidr > 32) | 		if (!cidr || cidr > 32) | ||||||
| 			return -IPSET_ERR_INVALID_CIDR; | 			return -IPSET_ERR_INVALID_CIDR; | ||||||
| 		ip_set_mask_from_to(ip, ip_to, cidr); | 		ip_set_mask_from_to(ip, ip_to, cidr); | ||||||
| 	} else | 	} else | ||||||
|  | |||||||
| @ -225,7 +225,7 @@ hash_ipportip4_uadt(struct ip_set *set, struct nlattr *tb[], | |||||||
| 	} else if (tb[IPSET_ATTR_CIDR]) { | 	} else if (tb[IPSET_ATTR_CIDR]) { | ||||||
| 		u8 cidr = nla_get_u8(tb[IPSET_ATTR_CIDR]); | 		u8 cidr = nla_get_u8(tb[IPSET_ATTR_CIDR]); | ||||||
| 
 | 
 | ||||||
| 		if (cidr > 32) | 		if (!cidr || cidr > 32) | ||||||
| 			return -IPSET_ERR_INVALID_CIDR; | 			return -IPSET_ERR_INVALID_CIDR; | ||||||
| 		ip_set_mask_from_to(ip, ip_to, cidr); | 		ip_set_mask_from_to(ip, ip_to, cidr); | ||||||
| 	} else | 	} else | ||||||
|  | |||||||
| @ -290,7 +290,7 @@ hash_ipportnet4_uadt(struct ip_set *set, struct nlattr *tb[], | |||||||
| 	} else if (tb[IPSET_ATTR_CIDR]) { | 	} else if (tb[IPSET_ATTR_CIDR]) { | ||||||
| 		u8 cidr = nla_get_u8(tb[IPSET_ATTR_CIDR]); | 		u8 cidr = nla_get_u8(tb[IPSET_ATTR_CIDR]); | ||||||
| 
 | 
 | ||||||
| 		if (cidr > 32) | 		if (!cidr || cidr > 32) | ||||||
| 			return -IPSET_ERR_INVALID_CIDR; | 			return -IPSET_ERR_INVALID_CIDR; | ||||||
| 		ip_set_mask_from_to(ip, ip_to, cidr); | 		ip_set_mask_from_to(ip, ip_to, cidr); | ||||||
| 	} | 	} | ||||||
|  | |||||||
	 Jozsef Kadlecsik
						Jozsef Kadlecsik