netfilter: ipset: Fix warn: integer overflows 'sizeof(*map) + size * set->dsize'

Dan Carpenter reported that the static checker emits the warning net/netfilter/ipset/ip_set_list_set.c:600 init_list_set() warn: integer overflows 'sizeof(*map) + size * set->dsize' Limit the maximal number of elements in list type of sets. Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
author: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> 2014-08-05 22:02:34 +0200
committer: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> 2014-08-24 19:33:10 +0200
commit: 1b05756c48ea07ced9604ef01d11194d936da163 (patch)
tree: dc983e436607c9280f3d2bcea831d61d1e572b1a /net/netfilter/ipset/ip_set_list_set.c
parent: netfilter: ipset: Resolve missing-field-initializer warnings (diff)
download: linux-dev-1b05756c48ea07ced9604ef01d11194d936da163.tar.xz
linux-dev-1b05756c48ea07ced9604ef01d11194d936da163.zip
1 files changed, 3 insertions, 1 deletions
diff --git a/net/netfilter/ipset/ip_set_list_set.c b/net/netfilter/ipset/ip_set_list_set.c
index 3e2317f3cf68..f87adbad6076 100644
--- a/net/netfilter/ipset/ip_set_list_set.c
+++ b/net/netfilter/ipset/ip_set_list_set.c
@@ -597,7 +597,9 @@ init_list_set(struct net *net, struct ip_set *set, u32 size)
 	struct set_elem *e;
 	u32 i;
 
-	map = kzalloc(sizeof(*map) + size * set->dsize, GFP_KERNEL);
+	map = kzalloc(sizeof(*map) +
+		      min_t(u32, size, IP_SET_LIST_MAX_SIZE) * set->dsize,
+		      GFP_KERNEL);
 	if (!map)
 		return false;
author	Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>	2014-08-05 22:02:34 +0200
committer	Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>	2014-08-24 19:33:10 +0200
commit	1b05756c48ea07ced9604ef01d11194d936da163 (patch)
tree	dc983e436607c9280f3d2bcea831d61d1e572b1a /net/netfilter/ipset/ip_set_list_set.c
parent	netfilter: ipset: Resolve missing-field-initializer warnings (diff)
download	linux-dev-1b05756c48ea07ced9604ef01d11194d936da163.tar.xz linux-dev-1b05756c48ea07ced9604ef01d11194d936da163.zip