]> git.baikalelectronics.ru Git - kernel.git/commit
projects / kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: f174c5f) | patch
netfilter: expect: Make sure the max_expected limit is effective
authorGao Feng <fgao@ikuai8.com>
Fri, 24 Mar 2017 13:32:19 +0000 (21:32 +0800)
committerPablo Neira Ayuso <pablo@netfilter.org>
Thu, 6 Apr 2017 16:32:16 +0000 (18:32 +0200)
commit5c54ea28a58140118f7656a529aecd29c1450da6
tree9c493bd487511b3230393788568bfe3ae3ae81a2tree | snapshot
parentf174c5f92759427b5baf7be6ac8a771c2750301acommit | diff
netfilter: expect: Make sure the max_expected limit is effective

Because the type of expecting, the member of nf_conn_help, is u8, it
would overflow after reach U8_MAX(255). So it doesn't work when we
configure the max_expected exceeds 255 with expect policy.

Now add the check for max_expected. Return the -EINVAL when it exceeds
the limit.

Signed-off-by: Gao Feng <fgao@ikuai8.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
include/net/netfilter/nf_conntrack_expect.h diff | blob | history
net/netfilter/nf_conntrack_helper.c diff | blob | history
net/netfilter/nf_conntrack_irc.c diff | blob | history
net/netfilter/nfnetlink_cthelper.c diff | blob | history
Linux Kernel Source Tree.