Re: [PATCH v2] netfilter: ipset: Fix overflow before widen in the bitmap_ip_create() function.

From: Pablo Neira Ayuso
Date: Wed Jan 11 2023 - 13:10:56 EST

Next message: Siddh Raman Pant: "Re: [PATCH v4] kernel/watch_queue: NULL the dangling *pipe, and use it for clear check"
Previous message: Suren Baghdasaryan: "Re: [PATCH 08/41] mm: introduce CONFIG_PER_VMA_LOCK"
In reply to: Simon Horman: "Re: [PATCH v2] netfilter: ipset: Fix overflow before widen in the bitmap_ip_create() function."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Jan 11, 2023 at 01:00:53PM +0100, Simon Horman wrote:
> On Wed, Jan 11, 2023 at 11:57:39AM +0000, Gavrilov Ilia wrote:
> > [You don't often get email from ilia.gavrilov@xxxxxxxxxxx. Learn why this is important at https://aka.ms/LearnAboutSenderIdentification ]
> >
> > When first_ip is 0, last_ip is 0xFFFFFFFF, and netmask is 31, the value of
> > an arithmetic expression 2 << (netmask - mask_bits - 1) is subject
> > to overflow due to a failure casting operands to a larger data type
> > before performing the arithmetic.
> >
> > Note that it's harmless since the value will be checked at the next step.
> >
> > Found by InfoTeCS on behalf of Linux Verification Center
> > (linuxtesting.org) with SVACE.
> >
> > Fixes: b9fed748185a ("netfilter: ipset: Check and reject crazy /0 input parameters")
> > Signed-off-by: Ilia.Gavrilov <Ilia.Gavrilov@xxxxxxxxxxx>
>
> Reviewed-by: Simon Horman <simon.horman@xxxxxxxxxxxx>

Applied, thanks

Next message: Siddh Raman Pant: "Re: [PATCH v4] kernel/watch_queue: NULL the dangling *pipe, and use it for clear check"
Previous message: Suren Baghdasaryan: "Re: [PATCH 08/41] mm: introduce CONFIG_PER_VMA_LOCK"
In reply to: Simon Horman: "Re: [PATCH v2] netfilter: ipset: Fix overflow before widen in the bitmap_ip_create() function."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]