From 1d583d22ec1dc6839bc3ad2ee6c96969e93cf333 Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Tue, 5 May 2009 17:46:07 +0200 Subject: [PATCH] --- yaml --- r: 144758 b: refs/heads/master c: 280f37afa2c270ff029cb420b34396aa002909c3 h: refs/heads/master v: v3 --- [refs] | 2 +- trunk/include/linux/netfilter/xt_cluster.h | 2 ++ trunk/net/netfilter/xt_cluster.c | 8 +++++++- 3 files changed, 10 insertions(+), 2 deletions(-) diff --git a/[refs] b/[refs] index e4fc89008894..fa284075f860 100644 --- a/[refs] +++ b/[refs] @@ -1,2 +1,2 @@ --- -refs/heads/master: b98b4947cb79d670fceca0e951c092eea93e9baa +refs/heads/master: 280f37afa2c270ff029cb420b34396aa002909c3 diff --git a/trunk/include/linux/netfilter/xt_cluster.h b/trunk/include/linux/netfilter/xt_cluster.h index 5e0a0d07b526..886682656f09 100644 --- a/trunk/include/linux/netfilter/xt_cluster.h +++ b/trunk/include/linux/netfilter/xt_cluster.h @@ -12,4 +12,6 @@ struct xt_cluster_match_info { u_int32_t flags; }; +#define XT_CLUSTER_NODES_MAX 32 + #endif /* _XT_CLUSTER_MATCH_H */ diff --git a/trunk/net/netfilter/xt_cluster.c b/trunk/net/netfilter/xt_cluster.c index 6c4847662b85..69a639f35403 100644 --- a/trunk/net/netfilter/xt_cluster.c +++ b/trunk/net/netfilter/xt_cluster.c @@ -135,7 +135,13 @@ static bool xt_cluster_mt_checkentry(const struct xt_mtchk_param *par) { struct xt_cluster_match_info *info = par->matchinfo; - if (info->node_mask >= (1 << info->total_nodes)) { + if (info->total_nodes > XT_CLUSTER_NODES_MAX) { + printk(KERN_ERR "xt_cluster: you have exceeded the maximum " + "number of cluster nodes (%u > %u)\n", + info->total_nodes, XT_CLUSTER_NODES_MAX); + return false; + } + if (info->node_mask >= (1ULL << info->total_nodes)) { printk(KERN_ERR "xt_cluster: this node mask cannot be " "higher than the total number of nodes\n"); return false;