]> git.ipfire.org Git - thirdparty/kernel/linux.git/commitdiff
projects / thirdparty / kernel / linux.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 570e454)
icmp: prevent possible overflow in icmp_global_allow()
authorEric Dumazet <edumazet@google.com>
Mon, 16 Feb 2026 14:28:28 +0000 (14:28 +0000)
committerJakub Kicinski <kuba@kernel.org>
Thu, 19 Feb 2026 00:46:36 +0000 (16:46 -0800)
Following expression can overflow
if sysctl_icmp_msgs_per_sec is big enough.

sysctl_icmp_msgs_per_sec * delta / HZ;

Fixes: 4cdf507d5452 ("icmp: add a global rate limitation")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: Kuniyuki Iwashima <kuniyu@google.com>
Link: https://patch.msgid.link/20260216142832.3834174-2-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
net/ipv4/icmp.c patch | blob | blame | history

diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c
index e216b6df633123ed475e28907d788db6bfb42115..eff8487c0aba8df0d1e515b9ac6ff7f9ac1de436 100644 (file)
--- a/net/ipv4/icmp.c
+++ b/net/ipv4/icmp.c
@@ -250,7 +250,8 @@ bool icmp_global_allow(struct net *net)
        if (delta < HZ / 50)
                return false;
 
-       incr = READ_ONCE(net->ipv4.sysctl_icmp_msgs_per_sec) * delta / HZ;
+       incr = READ_ONCE(net->ipv4.sysctl_icmp_msgs_per_sec);
+       incr = div_u64((u64)incr * delta, HZ);
        if (!incr)
                return false;
 
A mirror of Linus' kernel repository