netfilter: ipset: fix timeout value overflow bug

Large timeout parameters could result wrong timeout values due to an overflow at msec to jiffies conversion (reported by Andreas Herz) [ This patch was mangled by Pablo Neira Ayuso since David Laight and Eric Dumazet noticed that we were using hardcoded 1000 instead of MSEC_PER_SEC to calculate the timeout ] Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> 2012-05-07 02:35:44 +0000
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2012-05-17 00:56:41 +0200
commit: 127f559127f5175e4bec3dab725a34845d956591 (patch)
tree: 1fe965b02a8c54835caca7e88b0d8e28f9286127 /include
parent: 1a4ac9870fb82eed56623d0f69ec59aa5bef85fe (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/include/linux/netfilter/ipset/ip_set_timeout.h b/include/linux/netfilter/ipset/ip_set_timeout.h
index 47923205a4ad..41d9cfa08167 100644
--- a/include/linux/netfilter/ipset/ip_set_timeout.h
+++ b/include/linux/netfilter/ipset/ip_set_timeout.h
@@ -30,6 +30,10 @@ ip_set_timeout_uget(struct nlattr *tb)
 {
 	unsigned int timeout = ip_set_get_h32(tb);
 
+	/* Normalize to fit into jiffies */
+	if (timeout > UINT_MAX/MSEC_PER_SEC)
+		timeout = UINT_MAX/MSEC_PER_SEC;
+
 	/* Userspace supplied TIMEOUT parameter: adjust crazy size */
 	return timeout == IPSET_NO_TIMEOUT ? IPSET_NO_TIMEOUT - 1 : timeout;
 }
author	Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>	2012-05-07 02:35:44 +0000
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2012-05-17 00:56:41 +0200
commit	127f559127f5175e4bec3dab725a34845d956591 (patch)
tree	1fe965b02a8c54835caca7e88b0d8e28f9286127 /include
parent	1a4ac9870fb82eed56623d0f69ec59aa5bef85fe (diff)