aboutsummaryrefslogtreecommitdiff
path: root/net/bridge
diff options
context:
space:
mode:
authorChris Wright <chrisw@sous-sol.org>2006-11-20 15:02:49 -0800
committerLinus Torvalds <torvalds@woody.osdl.org>2006-11-28 17:26:50 -0800
commitba8379b220509e9448c00a77cf6c15ac2a559cc7 (patch)
tree53bba162f0a7e7e75849cea14e981e2f204ae478 /net/bridge
parent24d7bb3396c51ceb2285e0e7b0c1bd1865652c43 (diff)
[PATCH] bridge: fix possible overflow in get_fdb_entries
Make sure to properly clamp maxnum to avoid overflow Signed-off-by: Chris Wright <chrisw@sous-sol.org> Acked-by: Eugene Teo <eteo@redhat.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'net/bridge')
-rw-r--r--net/bridge/br_ioctl.c9
1 files changed, 5 insertions, 4 deletions
diff --git a/net/bridge/br_ioctl.c b/net/bridge/br_ioctl.c
index 4e4119a1213..4c61a7e0a86 100644
--- a/net/bridge/br_ioctl.c
+++ b/net/bridge/br_ioctl.c
@@ -58,12 +58,13 @@ static int get_fdb_entries(struct net_bridge *br, void __user *userbuf,
{
int num;
void *buf;
- size_t size = maxnum * sizeof(struct __fdb_entry);
+ size_t size;
- if (size > PAGE_SIZE) {
- size = PAGE_SIZE;
+ /* Clamp size to PAGE_SIZE, test maxnum to avoid overflow */
+ if (maxnum > PAGE_SIZE/sizeof(struct __fdb_entry))
maxnum = PAGE_SIZE/sizeof(struct __fdb_entry);
- }
+
+ size = maxnum * sizeof(struct __fdb_entry);
buf = kmalloc(size, GFP_USER);
if (!buf)