projects
/
linux-flexiantxendom0-3.2.10.git
/ blobdiff
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
netfilter: ipset: fix hash size checking in kernel
[linux-flexiantxendom0-3.2.10.git]
/
net
/
netfilter
/
ipset
/
ip_set_hash_ip.c
diff --git
a/net/netfilter/ipset/ip_set_hash_ip.c
b/net/netfilter/ipset/ip_set_hash_ip.c
index
5139dea
..
828ce46
100644
(file)
--- a/
net/netfilter/ipset/ip_set_hash_ip.c
+++ b/
net/netfilter/ipset/ip_set_hash_ip.c
@@
-364,6
+364,7
@@
hash_ip_create(struct ip_set *set, struct nlattr *tb[], u32 flags)
{
u32 hashsize = IPSET_DEFAULT_HASHSIZE, maxelem = IPSET_DEFAULT_MAXELEM;
u8 netmask, hbits;
{
u32 hashsize = IPSET_DEFAULT_HASHSIZE, maxelem = IPSET_DEFAULT_MAXELEM;
u8 netmask, hbits;
+ size_t hsize;
struct ip_set_hash *h;
if (!(set->family == NFPROTO_IPV4 || set->family == NFPROTO_IPV6))
struct ip_set_hash *h;
if (!(set->family == NFPROTO_IPV4 || set->family == NFPROTO_IPV6))
@@
-405,9
+406,12
@@
hash_ip_create(struct ip_set *set, struct nlattr *tb[], u32 flags)
h->timeout = IPSET_NO_TIMEOUT;
hbits = htable_bits(hashsize);
h->timeout = IPSET_NO_TIMEOUT;
hbits = htable_bits(hashsize);
- h->table = ip_set_alloc(
- sizeof(struct htable)
- + jhash_size(hbits) * sizeof(struct hbucket));
+ hsize = htable_size(hbits);
+ if (hsize == 0) {
+ kfree(h);
+ return -ENOMEM;
+ }
+ h->table = ip_set_alloc(hsize);
if (!h->table) {
kfree(h);
return -ENOMEM;
if (!h->table) {
kfree(h);
return -ENOMEM;