From 9f5be2404ba5c8c72187d82cf35c7c428d0215c2 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman
Date: Sun, 15 Jan 2023 15:14:10 +0100
Subject: [PATCH] 4.19-stable patches

added patches:
 netfilter-ipset-fix-overflow-before-widen-in-the-bitmap_ip_create-function.patch
---
 ...den-in-the-bitmap_ip_create-function.patch | 41 +++++++++++++++++++
 queue-4.19/series | 1 +
 2 files changed, 42 insertions(+)
 create mode 100644 queue-4.19/netfilter-ipset-fix-overflow-before-widen-in-the-bitmap_ip_create-function.patch

diff --git a/queue-4.19/netfilter-ipset-fix-overflow-before-widen-in-the-bitmap_ip_create-function.patch b/queue-4.19/netfilter-ipset-fix-overflow-before-widen-in-the-bitmap_ip_create-function.patch
new file mode 100644
index 00000000000..9249256a941
--- /dev/null
+++ b/queue-4.19/netfilter-ipset-fix-overflow-before-widen-in-the-bitmap_ip_create-function.patch
@@ -0,0 +1,41 @@
+From 9ea4b476cea1b7d461d16dda25ca3c7e616e2d15 Mon Sep 17 00:00:00 2001
+From: Gavrilov Ilia
+Date: Wed, 11 Jan 2023 11:57:39 +0000
+Subject: netfilter: ipset: Fix overflow before widen in the bitmap_ip_create() function.
+
+From: Gavrilov Ilia
+
+commit 9ea4b476cea1b7d461d16dda25ca3c7e616e2d15 upstream.
+
+When first_ip is 0, last_ip is 0xFFFFFFFF, and netmask is 31, the value of
+an arithmetic expression 2 << (netmask - mask_bits - 1) is subject
+to overflow due to a failure casting operands to a larger data type
+before performing the arithmetic.
+
+Note that it's harmless since the value will be checked at the next step.
+
+Found by InfoTeCS on behalf of Linux Verification Center
+(linuxtesting.org) with SVACE.
+
+Fixes: b9fed748185a ("netfilter: ipset: Check and reject crazy /0 input parameters")
+Signed-off-by: Ilia.Gavrilov
+Reviewed-by: Simon Horman
+Signed-off-by: Pablo Neira Ayuso
+Signed-off-by: Greg Kroah-Hartman
+---
+ net/netfilter/ipset/ip_set_bitmap_ip.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/net/netfilter/ipset/ip_set_bitmap_ip.c
++++ b/net/netfilter/ipset/ip_set_bitmap_ip.c
+@@ -299,8 +299,8 @@ bitmap_ip_create(struct net *net, struct
+ return -IPSET_ERR_BITMAP_RANGE;
+
+ pr_debug("mask_bits %u, netmask %u\n", mask_bits, netmask);
+- hosts = 2 << (32 - netmask - 1);
+- elements = 2 << (netmask - mask_bits - 1);
++ hosts = 2U << (32 - netmask - 1);
++ elements = 2UL << (netmask - mask_bits - 1);
+ }
+ if (elements > IPSET_BITMAP_MAX_RANGE + 1)
+ return -IPSET_ERR_BITMAP_RANGE_SIZE;
diff --git a/queue-4.19/series b/queue-4.19/series
index ff6c0167dcc..252378ac5ea 100644
--- a/queue-4.19/series
+++ b/queue-4.19/series
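Review bot: In the queued bitmap_ip_create() change, `elements = 2UL << (netmask - mask_bits - 1);` still shifts in a 32-bit type on 32-bit builds, because `unsigned long` is no wider than `int` there, so the widening named in the subject line only takes effect on 64-bit. The unsigned literal does remove the signed-overflow undefined behaviour, but a result that wrapped would be small rather than large and so would pass the `elements > IPSET_BITMAP_MAX_RANGE + 1` test that follows. If `elements` is a 64-bit variable (its declaration is outside the hunk), `elements = 2ULL << (netmask - mask_bits - 1);` would make the result independent of the architecture. Otherwise a short comment above the two shifts stating the largest shift count the earlier checks allow would record why a 32-bit shift cannot wrap. The bounds on netmask and mask_bits are established earlier in bitmap_ip_create(), which begins and ends outside the hunk, so this needs confirming against the full function.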
@@ -499,3 +499,4 @@ ext4-generalize-extents-status-tree-search-functions.patch
 ext4-add-new-pending-reservation-mechanism.patch
 ext4-fix-reserved-cluster-accounting-at-delayed-writ.patch
 ext4-fix-delayed-allocation-bug-in-ext4_clu_mapped-f.patch
+netfilter-ipset-fix-overflow-before-widen-in-the-bitmap_ip_create-function.patch
-- 2.47.3