From: Amerigo Wang <amwang@redhat.com>
Date: Thu, 24 Sep 2009 05:49:27 -0400
Subject: [net] ipt_recent: sanity check hit count
Message-id: 20090924095201.4810.50815.sendpatchset@localhost.localdomain
O-Subject: [PATCH RHEL5.5] ipt_recent: sanity check hit count
Bugzilla: 523982
RH-Acked-by: Jiri Pirko <jpirko@redhat.com>
RH-Acked-by: Dean Nelson <dnelson@redhat.com>
RH-Acked-by: David Miller <davem@redhat.com>

BZ: https://bugzilla.redhat.com/show_bug.cgi?id=523982

Description:
If a rule using ipt_recent is created with a hit count greater than
ip_pkt_list_tot, the rule will never match as it cannot keep track of
enough timestamps. This patch makes ipt_recent refuse to create such rules.

Brew: https://brewweb.devel.redhat.com/taskinfo?taskID=2003172

KABI: No harm.

Upstream status: Commit d0ebf133590abdc035af6e19a6568667af0ab3b0.

Test status: I tested it on x86_64, it works as expected.

Signed-off-by: WANG Cong <amwang@redhat.com>

diff --git a/net/ipv4/netfilter/ipt_recent.c b/net/ipv4/netfilter/ipt_recent.c index 61a2139..35d1725 100644 --- a/net/ipv4/netfilter/ipt_recent.c +++ b/net/ipv4/netfilter/ipt_recent.c @@ -246,6 +246,8 @@ ipt_recent_checkentry(const char *tablename, const void *ip, if ((info->check_set & (IPT_RECENT_SET | IPT_RECENT_REMOVE)) && (info->seconds || info->hit_count)) return 0; + if (info->hit_count > ip_pkt_list_tot) + return 0; if (info->name[0] == '\0' || strnlen(info->name, IPT_RECENT_NAME_LEN) == IPT_RECENT_NAME_LEN) return 0;
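Review bot: the added `if (info->hit_count > ip_pkt_list_tot) return 0;` rejects the rule silently, in the same style as the seconds/hit_count check just above it, so an administrator who asks for a hit count above ip_pkt_list_tot only sees the generic iptables insertion failure; if checkentry in this tree has a print facility available, a one-line message naming both values would make the refusal diagnosable. The comparison itself is right: using `>` rather than `>=` keeps hit_count equal to ip_pkt_list_tot legal, since a window of exactly hit_count timestamps can still reach the count, and placing the test before the name check means a bogus count is refused whatever the table name.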
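The defect the description names, as an added illustration written for this note (a small Python model, not kernel code): a per-address window of ip_pkt_list_tot timestamps can never produce hit_count hits once hit_count exceeds the window, which is exactly the rule the new checkentry test refuses. The address and packet timings are constructed.

```python
class RecentTable:
    """Model of ipt_recent: each address keeps its last ip_pkt_list_tot timestamps."""

    def __init__(self, ip_pkt_list_tot=20):
        self.slots = ip_pkt_list_tot   # module parameter: stamps kept per address
        self.entries = {}              # addr -> oldest-first list of timestamps

    def update(self, addr, now):
        stamps = self.entries.setdefault(addr, [])
        stamps.append(now)
        if len(stamps) > self.slots:
            del stamps[0]              # ring buffer: the oldest stamp is dropped

    def matches(self, addr, now, seconds, hit_count):
        """Match when at least hit_count stamps fall within the last `seconds`."""
        stamps = self.entries.get(addr, [])
        hits = sum(1 for t in stamps if now - t <= seconds)
        return hits >= hit_count


def checkentry(hit_count, ip_pkt_list_tot):
    """Mirror of the patched sanity check: a count above the window can never match."""
    return hit_count <= ip_pkt_list_tot


def simulate(ip_pkt_list_tot, hit_count, seconds, packets):
    """Run constructed packet times through an update-style rule; True if it ever matched."""
    table = RecentTable(ip_pkt_list_tot)
    addr = "198.51.100.7"              # constructed sample address
    matched = False
    for now in packets:
        if table.matches(addr, now, seconds, hit_count):
            matched = True
        table.update(addr, now)        # check first, then record this packet
    return matched


if __name__ == "__main__":
    # 100 packets one second apart; window of 20 stamps.
    print("hit_count 25 > 20 slots ever matches:", simulate(20, 25, 3600, range(100)))
    print("hit_count 20 == 20 slots ever matches:", simulate(20, 20, 3600, range(100)))
    print("checkentry accepts 25:", checkentry(25, 20), " accepts 20:", checkentry(20, 20))
```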