xt_geoip: check for allocation overflow

author Jan Engelhardt <jengelh@inai.de>

Mon, 26 Jun 2017 20:02:35 +0000 (22:02 +0200)

committer Jan Engelhardt <jengelh@inai.de>

Mon, 26 Jun 2017 20:03:53 +0000 (22:03 +0200)
author Jan Engelhardt <jengelh@inai.de>
Mon, 26 Jun 2017 20:02:35 +0000 (22:02 +0200)
committer Jan Engelhardt <jengelh@inai.de>
Mon, 26 Jun 2017 20:03:53 +0000 (22:03 +0200)
diff --git a/extensions/xt_geoip.c b/extensions/xt_geoip.c

index e30c8270de38c36978103ee98a29a2de6ca7144e..27e60a4643b7d8486eb0ee6df5ae7dbb12013bf2 100644 (file)
--- a/extensions/xt_geoip.c
+++ b/extensions/xt_geoip.c
@@ -75,7 +75,8 @@ geoip_add_node(const struct geoip_country_user __user *umem_ptr,
  
         if (copy_from_user(&umem, umem_ptr, sizeof(umem)) != 0)
                 return ERR_PTR(-EFAULT);
-
+       if (umem.count > SIZE_MAX / geoproto_size[proto])
+               return ERR_PTR(-E2BIG);
         p = kmalloc(sizeof(struct geoip_country_kernel), GFP_KERNEL);
         if (p == NULL)
                 return ERR_PTR(-ENOMEM);
author	Jan Engelhardt <jengelh@inai.de>
	Mon, 26 Jun 2017 20:02:35 +0000 (22:02 +0200)
committer	Jan Engelhardt <jengelh@inai.de>
	Mon, 26 Jun 2017 20:03:53 +0000 (22:03 +0200)