Merge branch 'master'

author: Jeff Garzik <jgarzik@pobox.com> 2006-02-07 09:47:12 +0300
committer: Jeff Garzik <jgarzik@pobox.com> 2006-02-07 09:47:12 +0300
commit: 3c9b3a8575b4f2551e3b5b74ffa1c3559c6338eb (patch)
tree: 7f8d84353852401ec74e005f6f0b1eb958b9a70d /net/ipv4/netfilter/ip_tables.c
parent: c0d3c0c0ce94d3db893577ae98e64414d92e49d8 (diff)
parent: c03296a868ae7c91aa2d8b372184763b18f16d7a (diff)
download: linux-3c9b3a8575b4f2551e3b5b74ffa1c3559c6338eb.tar.xz
1 files changed, 7 insertions, 0 deletions
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
index 2371b2062c2d..16f47c675fef 100644
--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -921,6 +921,13 @@ do_replace(void __user *user, unsigned int len)
 	if (len != sizeof(tmp) + tmp.size)
 		return -ENOPROTOOPT;
 
+	/* overflow check */
+	if (tmp.size >= (INT_MAX - sizeof(struct xt_table_info)) / NR_CPUS -
+			SMP_CACHE_BYTES)
+		return -ENOMEM;
+	if (tmp.num_counters >= INT_MAX / sizeof(struct xt_counters))
+		return -ENOMEM;
+
 	newinfo = xt_alloc_table_info(tmp.size);
 	if (!newinfo)
 		return -ENOMEM;
author	Jeff Garzik <jgarzik@pobox.com>	2006-02-07 09:47:12 +0300
committer	Jeff Garzik <jgarzik@pobox.com>	2006-02-07 09:47:12 +0300
commit	3c9b3a8575b4f2551e3b5b74ffa1c3559c6338eb (patch)
tree	7f8d84353852401ec74e005f6f0b1eb958b9a70d /net/ipv4/netfilter/ip_tables.c
parent	c0d3c0c0ce94d3db893577ae98e64414d92e49d8 (diff)
parent	c03296a868ae7c91aa2d8b372184763b18f16d7a (diff)
download	linux-3c9b3a8575b4f2551e3b5b74ffa1c3559c6338eb.tar.xz