]> git.baikalelectronics.ru Git - kernel.git/commit
projects / kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 5e586f9) | patch
netfilter: conntrack: clamp timeouts to INT_MAX
authorJay Elliott <jelliott@arista.com>
Wed, 15 Nov 2017 23:01:13 +0000 (15:01 -0800)
committerPablo Neira Ayuso <pablo@netfilter.org>
Tue, 28 Nov 2017 00:17:04 +0000 (01:17 +0100)
commitd6430748a19f66d27980361e39c6f6225130f063
tree0d4f9364bc5ef3f6fbf1ed9ac464262b632f9ffdtree | snapshot
parent5e586f9745352cd98c326fab07eaba87b4e43db1commit | diff
netfilter: conntrack: clamp timeouts to INT_MAX

When the conntracking code multiplies a timeout by HZ, it can overflow
from positive to negative; this causes it to instantly expire.  To
protect against this the multiplication is done in 64-bit so we can
prevent it from exceeding INT_MAX.

Signed-off-by: Jay Elliott <jelliott@arista.com>
Acked-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/netfilter/nf_conntrack_netlink.c diff | blob | history
Linux Kernel Source Tree.