Merge with git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6.git

author: Adrian Bunk <bunk@r063144.stusta.swh.mhn.de> 2006-03-20 18:30:36 +0100
committer: Adrian Bunk <bunk@r063144.stusta.swh.mhn.de> 2006-03-20 18:30:36 +0100
commit: 0f76ee451484d02c7405d92e7bceb39b415abb01 (patch)
tree: 9722f84281f786ba48971dde057f5171a49969e4 /net/bridge/netfilter/ebtables.c
parent: 01d206a7c1167639f6ca6dac22140fbdca017558 (diff)
parent: 7705a8792b0fc82fd7d4dd923724606bbfd9fb20 (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c
index 00729b3604f..cbd4020cc84 100644
--- a/net/bridge/netfilter/ebtables.c
+++ b/net/bridge/netfilter/ebtables.c
@@ -934,6 +934,13 @@ static int do_replace(void __user *user, unsigned int len)
 		BUGPRINT("Entries_size never zero\n");
 		return -EINVAL;
 	}
+	/* overflow check */
+	if (tmp.nentries >= ((INT_MAX - sizeof(struct ebt_table_info)) / NR_CPUS -
+			SMP_CACHE_BYTES) / sizeof(struct ebt_counter))
+		return -ENOMEM;
+	if (tmp.num_counters >= INT_MAX / sizeof(struct ebt_counter))
+		return -ENOMEM;
+
 	countersize = COUNTER_OFFSET(tmp.nentries) * 
 					(highest_possible_processor_id()+1);
 	newinfo = (struct ebt_table_info *)
author	Adrian Bunk <bunk@r063144.stusta.swh.mhn.de>	2006-03-20 18:30:36 +0100
committer	Adrian Bunk <bunk@r063144.stusta.swh.mhn.de>	2006-03-20 18:30:36 +0100
commit	0f76ee451484d02c7405d92e7bceb39b415abb01 (patch)
tree	9722f84281f786ba48971dde057f5171a49969e4 /net/bridge/netfilter/ebtables.c
parent	01d206a7c1167639f6ca6dac22140fbdca017558 (diff)
parent	7705a8792b0fc82fd7d4dd923724606bbfd9fb20 (diff)