
Commit 53b70287 authored by Patrick McHardy, committed by Pablo Neira Ayuso

netfilter: nf_tables: fix overrun in nf_tables_set_alloc_name()



The map that is used to allocate anonymous sets is indeed
BITS_PER_BYTE * PAGE_SIZE long.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
parent e53376be
+2 −2
@@ -1989,13 +1989,13 @@ static int nf_tables_set_alloc_name(struct nft_ctx *ctx, struct nft_set *set,

			if (!sscanf(i->name, name, &tmp))
				continue;
			if (tmp < 0 || tmp > BITS_PER_LONG * PAGE_SIZE)
			if (tmp < 0 || tmp >= BITS_PER_BYTE * PAGE_SIZE)
				continue;

			set_bit(tmp, inuse);
		}

		n = find_first_zero_bit(inuse, BITS_PER_LONG * PAGE_SIZE);
		n = find_first_zero_bit(inuse, BITS_PER_BYTE * PAGE_SIZE);
		free_page((unsigned long)inuse);
	}
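Review bot: the bitmap size is still spelled out twice in this hunk, once in the range check on tmp and once as the length passed to find_first_zero_bit(), so both sites have to be kept in step by hand with the single page that free_page() releases. A named constant defined next to the page allocation and used in both places would keep the set_bit() bound from falling behind if the map size ever changes again. Separately, find_first_zero_bit() returns its size argument when every bit is set, and nothing in the visible lines handles n == BITS_PER_BYTE * PAGE_SIZE before inuse is freed; it is worth confirming that the code following this hunk does not build a set name from that value.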