netfilter: nftables: avoid potential overflows on 32bit arches
authorEric Dumazet <edumazet@google.com>
Thu, 9 Sep 2021 14:03:35 +0000 (16:03 +0200)
committerSalvatore Bonaccorso <carnil@debian.org>
Thu, 23 Sep 2021 20:35:21 +0000 (21:35 +0100)
commitbbad78e8efde66b272e366b6c2c9480c2206c8ef
tree830956470be24e505acbdcf33cf624a1e3efc212
parent18807a3f8fa643e38323b365ca7be8073b8b9f2e
netfilter: nftables: avoid potential overflows on 32bit arches

Origin: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit?id=3fda454f909cda927a02a75e48ef5ee49497f120

commit 6c8774a94e6ad26f29ef103c8671f55c255c6201 upstream.

User space could ask for very large hash tables, we need to make sure
our size computations wont overflow.

nf_tables_newset() needs to double check the u64 size
will fit into size_t field.

Fixes: 0ed6389c483d ("netfilter: nf_tables: rename set implementations")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name netfilter-nftables-avoid-potential-overflows-on-32bi.patch
net/netfilter/nf_tables_api.c
net/netfilter/nft_set_hash.c