git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/commit

author	Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
	Thu, 21 Feb 2019 10:42:43 +0000 (18:42 +0800)
committer	Khalid Elmously <khalid.elmously@canonical.com>
	Mon, 4 Mar 2019 01:57:00 +0000 (20:57 -0500)
commit	29fbba2900144bfc9d8bc2ab6135d8ce102d5095
tree	d40da497beb1690b5693510fb476a27a20a17996	tree
parent	8ad08188cdb9605510cc0d02a1fb4e262e0bc786	commit \| diff

netfilter: ipset: Fix wraparound in hash:*net* types

BugLink: https://bugs.launchpad.net/bugs/1811394
Fix wraparound bug which could lead to memory exhaustion when adding an
x.x.x.x-255.255.255.255 range to any hash:*net* types.

Fixes Netfilter's bugzilla id #1212, reported by Thomas Schwark.

Fixes: 48596a8ddc46 ("netfilter: ipset: Fix adding an IPv4 range containing more than 2^31 addresses")
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
(cherry picked from commit 0b8d9073539e217f79ec1bff65eb205ac796723d)
Signed-off-by: Kai-Heng Feng <kai.heng.feng@canonical.com>
Acked-by: Po-Hsu Lin <po-hsu.lin@canonical.com>
Acked-by: Stefan Bader <stefan.bader@canonical.com>
Signed-off-by: Khalid Elmously <khalid.elmously@canonical.com>

net/netfilter/ipset/ip_set_hash_ipportnet.c		diff \| blob \| blame \| history
net/netfilter/ipset/ip_set_hash_net.c		diff \| blob \| blame \| history
net/netfilter/ipset/ip_set_hash_netiface.c		diff \| blob \| blame \| history
net/netfilter/ipset/ip_set_hash_netnet.c		diff \| blob \| blame \| history
net/netfilter/ipset/ip_set_hash_netport.c		diff \| blob \| blame \| history
net/netfilter/ipset/ip_set_hash_netportnet.c		diff \| blob \| blame \| history