Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit b9fed748 authored by Jozsef Kadlecsik's avatar Jozsef Kadlecsik
Browse files

netfilter: ipset: Check and reject crazy /0 input parameters 



bitmap:ip and bitmap:ip,mac type did not reject such a crazy range
when created and using such a set results in a kernel crash.
The hash types just silently ignored such parameters.

Reject invalid /0 input parameters explicitely.

Signed-off-by: default avatarJozsef Kadlecsik <kadlec@blackhole.kfki.hu>
parent 6e27c9b4

net/netfilter/ipset/ip_set_bitmap_ip.c

+6 −4
Original line number Diff line number Diff line
@@ -284,7 +284,7 @@ bitmap_ip_uadt(struct ip_set *set, struct nlattr *tb[], 
	} else if (tb[IPSET_ATTR_CIDR]) {

		u8 cidr = nla_get_u8(tb[IPSET_ATTR_CIDR]);



		if (cidr > 32)

		if (!cidr || cidr > 32)

			return -IPSET_ERR_INVALID_CIDR;

		ip_set_mask_from_to(ip, ip_to, cidr);

	} else
@@ -454,7 +454,8 @@ static int 
bitmap_ip_create(struct ip_set *set, struct nlattr *tb[], u32 flags)

{

	struct bitmap_ip *map;

	u32 first_ip, last_ip, hosts, elements;

	u32 first_ip, last_ip, hosts;

	u64 elements;

	u8 netmask = 32;

	int ret;
@@ -497,7 +498,7 @@ bitmap_ip_create(struct ip_set *set, struct nlattr *tb[], u32 flags) 


	if (netmask == 32) {

		hosts = 1;

		elements = last_ip - first_ip + 1;

		elements = (u64)last_ip - first_ip + 1;

	} else {

		u8 mask_bits;

		u32 mask;
@@ -515,7 +516,8 @@ bitmap_ip_create(struct ip_set *set, struct nlattr *tb[], u32 flags) 
	if (elements > IPSET_BITMAP_MAX_RANGE + 1)

		return -IPSET_ERR_BITMAP_RANGE_SIZE;



	pr_debug("hosts %u, elements %u\n", hosts, elements);

	pr_debug("hosts %u, elements %llu\n",

		 hosts, (unsigned long long)elements);



	map = kzalloc(sizeof(*map), GFP_KERNEL);

	if (!map)

net/netfilter/ipset/ip_set_bitmap_ipmac.c

+3 −2
Original line number Diff line number Diff line
@@ -557,7 +557,8 @@ static int 
bitmap_ipmac_create(struct ip_set *set, struct nlattr *tb[],

		    u32 flags)

{

	u32 first_ip, last_ip, elements;

	u32 first_ip, last_ip;

	u64 elements;

	struct bitmap_ipmac *map;

	int ret;
@@ -588,7 +589,7 @@ bitmap_ipmac_create(struct ip_set *set, struct nlattr *tb[], 
	} else

		return -IPSET_ERR_PROTOCOL;



	elements = last_ip - first_ip + 1;

	elements = (u64)last_ip - first_ip + 1;



	if (elements > IPSET_BITMAP_MAX_RANGE + 1)

		return -IPSET_ERR_BITMAP_RANGE_SIZE;

net/netfilter/ipset/ip_set_hash_ip.c

+1 −1
Original line number Diff line number Diff line
@@ -179,7 +179,7 @@ hash_ip4_uadt(struct ip_set *set, struct nlattr *tb[], 
	} else if (tb[IPSET_ATTR_CIDR]) {

		u8 cidr = nla_get_u8(tb[IPSET_ATTR_CIDR]);



		if (cidr > 32)

		if (!cidr || cidr > 32)

			return -IPSET_ERR_INVALID_CIDR;

		ip_set_mask_from_to(ip, ip_to, cidr);

	} else

net/netfilter/ipset/ip_set_hash_ipport.c

+1 −1
Original line number Diff line number Diff line
@@ -217,7 +217,7 @@ hash_ipport4_uadt(struct ip_set *set, struct nlattr *tb[], 
	} else if (tb[IPSET_ATTR_CIDR]) {

		u8 cidr = nla_get_u8(tb[IPSET_ATTR_CIDR]);



		if (cidr > 32)

		if (!cidr || cidr > 32)

			return -IPSET_ERR_INVALID_CIDR;

		ip_set_mask_from_to(ip, ip_to, cidr);

	} else

net/netfilter/ipset/ip_set_hash_ipportip.c

+1 −1
Original line number Diff line number Diff line
@@ -225,7 +225,7 @@ hash_ipportip4_uadt(struct ip_set *set, struct nlattr *tb[], 
	} else if (tb[IPSET_ATTR_CIDR]) {

		u8 cidr = nla_get_u8(tb[IPSET_ATTR_CIDR]);



		if (cidr > 32)

		if (!cidr || cidr > 32)

			return -IPSET_ERR_INVALID_CIDR;

		ip_set_mask_from_to(ip, ip_to, cidr);

	} else