]> git.baikalelectronics.ru Git - kernel.git/commit
projects / kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 17f0592) | patch
netfilter: ipset: Limit the maximal range of consecutive elements to add/delete
authorJozsef Kadlecsik <kadlec@netfilter.org>
Wed, 28 Jul 2021 15:01:15 +0000 (17:01 +0200)
committerPablo Neira Ayuso <pablo@netfilter.org>
Wed, 4 Aug 2021 08:41:03 +0000 (10:41 +0200)
commitec61455f9b2cef8f1c846b3d6f61688e13364e98
treebce22856b41c8a21912bda7a40cd77275f2a54e7tree | snapshot
parent17f05920b6736002e69ff1c98d49d83befcea2e6commit | diff
netfilter: ipset: Limit the maximal range of consecutive elements to add/delete

The range size of consecutive elements were not limited. Thus one could
define a huge range which may result soft lockup errors due to the long
execution time. Now the range size is limited to 2^20 entries.

Reported-by: Brad Spengler <spender@grsecurity.net>
Signed-off-by: Jozsef Kadlecsik <kadlec@netfilter.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
include/linux/netfilter/ipset/ip_set.h diff | blob | history
net/netfilter/ipset/ip_set_hash_ip.c diff | blob | history
net/netfilter/ipset/ip_set_hash_ipmark.c diff | blob | history
net/netfilter/ipset/ip_set_hash_ipport.c diff | blob | history
net/netfilter/ipset/ip_set_hash_ipportip.c diff | blob | history
net/netfilter/ipset/ip_set_hash_ipportnet.c diff | blob | history
net/netfilter/ipset/ip_set_hash_net.c diff | blob | history
net/netfilter/ipset/ip_set_hash_netiface.c diff | blob | history
net/netfilter/ipset/ip_set_hash_netnet.c diff | blob | history
net/netfilter/ipset/ip_set_hash_netport.c diff | blob | history
net/netfilter/ipset/ip_set_hash_netportnet.c diff | blob | history
Linux Kernel Source Tree.