git.itanic.dy.fi Git - linux-stable/commit
netfilter: nft_limit: reject configurations that cause integer overflow
author Florian Westphal <fw@strlen.de>
Fri, 19 Jan 2024 12:11:32 +0000 (13:11 +0100)
committer Pablo Neira Ayuso <pablo@netfilter.org>
Wed, 24 Jan 2024 19:01:16 +0000 (20:01 +0100)
commit c9d9eb9c53d37cdebbad56b91e40baf42d5a97aa
tree 589e2e69c942f3c4110682995a8748ffddf46171
parent 01acb2e8666a6529697141a6017edbf206921913
netfilter: nft_limit: reject configurations that cause integer overflow

Reject bogus configs where internal token counter wraps around.
This only occurs with very very large requests, such as 17gbyte/s.

It's better to reject this rather than having incorrect ratelimit.

Fixes: d2168e849ebf ("netfilter: nft_limit: add per-byte limiting")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/netfilter/nft_limit.c
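
The kind of check the commit message describes, shown as an added example; it is not the kernel's code and not part of this commit. It assumes a token bucket sized as nsecs * (rate + burst) / rate in 64-bit unsigned arithmetic; that formula, the function names and the inputs are illustrative assumptions, and the overflow builtins are the GCC/Clang ones.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

#define NSEC_PER_SEC 1000000000ULL

/* Assumed sizing formula (not taken from the page): nsecs * (rate + burst) / rate.
 * Unchecked: each step may silently wrap modulo 2^64. Caller ensures rate != 0. */
static uint64_t tokens_unchecked(uint64_t rate, uint64_t unit_secs, uint64_t burst)
{
    uint64_t nsecs = unit_secs * NSEC_PER_SEC;

    return nsecs * (rate + burst) / rate;
}

/* Checked: reject the configuration instead of storing a wrapped token count. */
static int tokens_checked(uint64_t rate, uint64_t unit_secs, uint64_t burst,
                          uint64_t *tokens)
{
    uint64_t nsecs, rate_with_burst, product;

    if (rate == 0)
        return -EINVAL;
    if (__builtin_mul_overflow(unit_secs, NSEC_PER_SEC, &nsecs) ||
        __builtin_add_overflow(rate, burst, &rate_with_burst) ||
        __builtin_mul_overflow(nsecs, rate_with_burst, &product))
        return -EOVERFLOW;
    *tokens = product / rate;
    return 0;
}

int main(void)
{
    /* Constructed inputs: bytes per second, burst set equal to the rate. */
    const uint64_t gib = 1ULL << 30;
    const uint64_t rates[] = { 1 * gib, 17 * gib };

    for (size_t i = 0; i < sizeof(rates) / sizeof(rates[0]); i++) {
        uint64_t tokens = 0;
        int err = tokens_checked(rates[i], 1, rates[i], &tokens);

        printf("rate=%llu unchecked=%llu checked: err=%d tokens=%llu\n",
               (unsigned long long)rates[i],
               (unsigned long long)tokens_unchecked(rates[i], 1, rates[i]),
               err, (unsigned long long)tokens);
    }
    return 0;
}
```

With the second constructed input the unchecked path returns a wrapped count below the true 2,000,000,000, which is the silently incorrect limit that rejecting the configuration avoids.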