diff options
author | Patrick McHardy <kaber@trash.net> | 2014-02-05 12:26:22 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2014-02-05 17:46:07 +0100 |
commit | 53b70287ddf487a38b7cbf0a10db28f40714b799 (patch) | |
tree | 314988aaaead3152a8a558d2e886e83b82626e97 /net | |
parent | e53376bef2cd97d3e3f61fdc677fb8da7d03d0da (diff) | |
download | lwn-53b70287ddf487a38b7cbf0a10db28f40714b799.tar.gz lwn-53b70287ddf487a38b7cbf0a10db28f40714b799.zip |
netfilter: nf_tables: fix overrun in nf_tables_set_alloc_name()
The map that is used to allocate anonymous sets is indeed
BITS_PER_BYTE * PAGE_SIZE long.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net')
-rw-r--r-- | net/netfilter/nf_tables_api.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index 9ce30534f853..2a22a186eb3d 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c @@ -1989,13 +1989,13 @@ static int nf_tables_set_alloc_name(struct nft_ctx *ctx, struct nft_set *set, if (!sscanf(i->name, name, &tmp)) continue; - if (tmp < 0 || tmp > BITS_PER_LONG * PAGE_SIZE) + if (tmp < 0 || tmp >= BITS_PER_BYTE * PAGE_SIZE) continue; set_bit(tmp, inuse); } - n = find_first_zero_bit(inuse, BITS_PER_LONG * PAGE_SIZE); + n = find_first_zero_bit(inuse, BITS_PER_BYTE * PAGE_SIZE); free_page((unsigned long)inuse); } |