netfilter: xt_time: use unsigned int for monthday bit shift

The monthday field can be up to 31, and shifting a signed integer 1
by 31 positions (1 << 31) is undefined behavior in C, as the result
overflows a 32-bit signed int. Use 1U to ensure well-defined behavior
for all valid monthday values.

Change the weekday shift to 1U as well for consistency.

Fixes: ee4411a1b1e0 ("[NETFILTER]: x_tables: add xt_time match")
Reported-by: Klaudia Kloc <klaudia@vidocsecurity.com>
Reported-by: Dawid Moczadło <dawid@vidocsecurity.com>
Tested-by: Jenny Guanni Qu <qguanni@gmail.com>
Signed-off-by: Jenny Guanni Qu <qguanni@gmail.com>
Signed-off-by: Florian Westphal <fw@strlen.de>

diff --git a/net/netfilter/xt_time.c b/net/netfilter/xt_time.c
index 00319d2a54da23559a50fb8c60d1340ebb5cba83..d9d74011bb645326a1b2f6d30980aad33a6512af 100644 (file)
--- a/net/netfilter/xt_time.c
+++ b/net/netfilter/xt_time.c
@@ -223,13 +223,13 @@ time_mt(const struct sk_buff *skb, struct xt_action_param *par)
 
        localtime_2(&current_time, stamp);
 
-       if (!(info->weekdays_match & (1 << current_time.weekday)))
+       if (!(info->weekdays_match & (1U << current_time.weekday)))
                return false;
 
        /* Do not spend time computing monthday if all days match anyway */
        if (info->monthdays_match != XT_TIME_ALL_MONTHDAYS) {
                localtime_3(&current_time, stamp);
-               if (!(info->monthdays_match & (1 << current_time.monthday)))
+               if (!(info->monthdays_match & (1U << current_time.monthday)))
                        return false;
        }