| Message ID | 1340998948-29672-2-git-send-email-kadlec@blackhole.kfki.hu |
|---|---|
| State | Accepted |
| Headers | show |
On Fri, Jun 29, 2012 at 09:42:28PM +0200, Jozsef Kadlecsik wrote: > The patch "Fix timeout value overflow bug at large timeout parameters" > broke the SET target when no timeout was specified (reported by > Jean-Philippe Menil). > > Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> I've enqueued this for 3.5-rc, thanks Jozsef. I'll pass this to -stable 3.4 once this hit Linus tree. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/net/netfilter/xt_set.c b/net/netfilter/xt_set.c index 035960e..b172cbc 100644 --- a/net/netfilter/xt_set.c +++ b/net/netfilter/xt_set.c @@ -16,6 +16,7 @@ #include <linux/netfilter/x_tables.h> #include <linux/netfilter/xt_set.h> +#include <linux/netfilter/ipset/ip_set_timeout.h> MODULE_LICENSE("GPL"); MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>"); @@ -310,7 +311,8 @@ set_target_v2(struct sk_buff *skb, const struct xt_action_param *par) info->del_set.flags, 0, UINT_MAX); /* Normalize to fit into jiffies */ - if (add_opt.timeout > UINT_MAX/MSEC_PER_SEC) + if (add_opt.timeout != IPSET_NO_TIMEOUT + && add_opt.timeout > UINT_MAX/MSEC_PER_SEC) add_opt.timeout = UINT_MAX/MSEC_PER_SEC; if (info->add_set.index != IPSET_INVALID_ID) ip_set_add(info->add_set.index, skb, par, &add_opt);
The patch "Fix timeout value overflow bug at large timeout parameters" broke the SET target when no timeout was specified (reported by Jean-Philippe Menil). Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> --- net/netfilter/xt_set.c | 4 +++- 1 files changed, 3 insertions(+), 1 deletions(-)