netfilter: xt_time: use unsigned int for monthday bit shift

[ Upstream commit 00050ec08cecfda447e1209b388086d76addda3a ]

The monthday field can be up to 31, and shifting a signed integer 1
by 31 positions (1 << 31) is undefined behavior in C, as the result
overflows a 32-bit signed int. Use 1U to ensure well-defined behavior
for all valid monthday values.

Change the weekday shift to 1U as well for consistency.

Fixes: ee4411a1b1e0 ("[NETFILTER]: x_tables: add xt_time match")
Reported-by: Klaudia Kloc <klaudia@vidocsecurity.com>
Reported-by: Dawid Moczadło <dawid@vidocsecurity.com>
Tested-by: Jenny Guanni Qu <qguanni@gmail.com>
Signed-off-by: Jenny Guanni Qu <qguanni@gmail.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/net/netfilter/xt_time.c b/net/netfilter/xt_time.c
index 6aa12d0f54e23cfe9b4f61d3361eeed41b73c6aa..61de85e02a40fb6b5a3b67e4809dd55386104da8 100644 (file)
--- a/net/netfilter/xt_time.c
+++ b/net/netfilter/xt_time.c
@@ -227,13 +227,13 @@ time_mt(const struct sk_buff *skb, struct xt_action_param *par)
 
        localtime_2(&current_time, stamp);
 
-       if (!(info->weekdays_match & (1 << current_time.weekday)))
+       if (!(info->weekdays_match & (1U << current_time.weekday)))
                return false;
 
        /* Do not spend time computing monthday if all days match anyway */
        if (info->monthdays_match != XT_TIME_ALL_MONTHDAYS) {
                localtime_3(&current_time, stamp);
-               if (!(info->monthdays_match & (1 << current_time.monthday)))
+               if (!(info->monthdays_match & (1U << current_time.monthday)))
                        return false;
        }