From patchwork Mon Jan 9 11:48:55 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Gavrilov Ilia X-Patchwork-Id: 40817 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a5d:4e01:0:0:0:0:0 with SMTP id p1csp2110809wrt; Mon, 9 Jan 2023 03:56:05 -0800 (PST) X-Google-Smtp-Source: AMrXdXtH/RHh1O/NfwE05qIoCc9Ts/vwRL7SEa8Yb076jnB1KE5T4wJ4QUhxQOrvTyBituiLotuX X-Received: by 2002:a05:6402:2a02:b0:470:44eb:9e58 with SMTP id ey2-20020a0564022a0200b0047044eb9e58mr57871520edb.30.1673265365005; Mon, 09 Jan 2023 03:56:05 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1673265364; cv=none; d=google.com; s=arc-20160816; b=VAiFzBRjvwRziyvsF9Hc8dTzVFWTDaMkvz5BvqwzFvosEHyterC24Tg+NeMuxJp6aC 4skOuHKAQ3j/Z04HKYRMheR7iZK4PE78yjnU8+N7tQ0DCLwdOY/yxwF5PQQgvgHAHSb1 fipvtdIJfxHppaD2BqTCnc2CDYC3Vjhk2wIuoTo/fXW4lw6S8StAG5MI71KM9Zwfsxdh jA1YJYGp4W6u534qKhmrkpEOpZjwJeHs/FV2p3J+KchZxk80SxdP2ix2vKTJ8r15AIaP oMLZNFICA3KGbWgFJY8tm20r62NPdKcgHOuvi1HImlSqSKF9Vo4MDWTEr9LJ5BaiZRBO G9cw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:content-transfer-encoding :content-language:accept-language:message-id:date:thread-index :subject:cc:to:from:dkim-signature:dkim-filter; bh=4zdJOxvdZxNjDpaPqZMAHCXnrnK4AhxLy6o/2/aYp9Q=; b=fW3haEsz7QNZpwDnFZkQ5JPaH++R5TU7VNImRLw/aOIMpQf7whm8DJ9fsprR6BmJY8 SPRgo4nupM6uEyQcLHFq/kTmKK2l/fqG9B/Wlw6jLoSRSXCICIpTPP9oMTEgJOeI2QGF 1ICuPY9IrXXZfrqhEh7z5OzqnazNPihAVgfb0yv6ISGib5nhlNfTrq3zmyQtlB5sLgfa x6TgfiXnNIk4aCeRZYXsCUcxs4hrwtO4+VblbOm4DqzcUuRBbAK1+jIiFBNMyyAUORdK /J8zGp8yfIITzWDO72aTtQQx/ZJXuhaqFRkmPoxdQPWiwif9wfi9IR91t4exmo51bZWa isIA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@infotecs.ru header.s=mx header.b=F6KwgIvV; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=infotecs.ru Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id n13-20020a05640205cd00b004841817039asi10721016edx.614.2023.01.09.03.55.41; Mon, 09 Jan 2023 03:56:04 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@infotecs.ru header.s=mx header.b=F6KwgIvV; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=infotecs.ru Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237025AbjAILth (ORCPT + 99 others); Mon, 9 Jan 2023 06:49:37 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34096 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236907AbjAILtC (ORCPT ); Mon, 9 Jan 2023 06:49:02 -0500 Received: from mx0.infotecs.ru (mx0.infotecs.ru [91.244.183.115]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1B538DEC2; Mon, 9 Jan 2023 03:48:59 -0800 (PST) Received: from mx0.infotecs-nt (localhost [127.0.0.1]) by mx0.infotecs.ru (Postfix) with ESMTP id 9B69D1168200; Mon, 9 Jan 2023 14:48:55 +0300 (MSK) DKIM-Filter: OpenDKIM Filter v2.11.0 mx0.infotecs.ru 9B69D1168200 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=infotecs.ru; s=mx; t=1673264935; bh=4zdJOxvdZxNjDpaPqZMAHCXnrnK4AhxLy6o/2/aYp9Q=; h=From:To:CC:Subject:Date:From; b=F6KwgIvVOtEaicCDqUyDeyEZnMP5wNs4hK+56ArpuvzYoTWoVF8xjAQGcdn6BVpJt t+ZrlbdBk0XYPKIwSdK1LTBbAU5LtU4sGduhMsIQIJiOXyy9Qk/CIR0QRpvpasTONh bUeNC3aR/HcEB2jNCDf21rXWbhBtNGhmNH2Rr78I= Received: from msk-exch-01.infotecs-nt (msk-exch-01.infotecs-nt [10.0.7.191]) by mx0.infotecs-nt (Postfix) with ESMTP id 9822730D0A0A; Mon, 9 Jan 2023 14:48:55 +0300 (MSK) Received: from msk-exch-01.infotecs-nt (10.0.7.191) by msk-exch-01.infotecs-nt (10.0.7.191) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.12; Mon, 9 Jan 2023 14:48:55 +0300 Received: from msk-exch-01.infotecs-nt ([fe80::89df:c35f:46be:fd07]) by msk-exch-01.infotecs-nt ([fe80::89df:c35f:46be:fd07%14]) with mapi id 15.02.1118.012; Mon, 9 Jan 2023 14:48:55 +0300 From: Gavrilov Ilia To: Pablo Neira Ayuso CC: Jozsef Kadlecsik , Florian Westphal , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , "netfilter-devel@vger.kernel.org" , "coreteam@netfilter.org" , "netdev@vger.kernel.org" , "linux-kernel@vger.kernel.org" , "lvc-project@linuxtesting.org" Subject: Thread-Index: AQHZJCBZf/Vc9wORpEWtf73o0PLEEA== Date: Mon, 9 Jan 2023 11:48:55 +0000 Message-ID: <20230109114925.2996149-1-Ilia.Gavrilov@infotecs.ru> Accept-Language: ru-RU, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.17.0.10] x-exclaimer-md-config: 208ac3cd-1ed4-4982-a353-bdefac89ac0a MIME-Version: 1.0 X-KLMS-Rule-ID: 1 X-KLMS-Message-Action: clean X-KLMS-AntiSpam-Lua-Profiles: 174564 [Jan 09 2023] X-KLMS-AntiSpam-Version: 5.9.59.0 X-KLMS-AntiSpam-Envelope-From: Ilia.Gavrilov@infotecs.ru X-KLMS-AntiSpam-Rate: 0 X-KLMS-AntiSpam-Status: not_detected X-KLMS-AntiSpam-Method: none X-KLMS-AntiSpam-Auth: dkim=none X-KLMS-AntiSpam-Info: LuaCore: 502 502 69dee8ef46717dd3cb3eeb129cb7cc8dab9e30f6, {Tracking_uf_ne_domains}, {Tracking_from_domain_doesnt_match_to}, d41d8cd98f00b204e9800998ecf8427e.com:7.1.1;127.0.0.199:7.1.2;infotecs.ru:7.1.1 X-MS-Exchange-Organization-SCL: -1 X-KLMS-AntiSpam-Interceptor-Info: scan successful X-KLMS-AntiPhishing: Clean, bases: 2023/01/09 09:37:00 X-KLMS-AntiVirus: Kaspersky Security for Linux Mail Server, version 8.0.3.30, bases: 2023/01/09 09:04:00 #20749700 X-KLMS-AntiVirus-Status: Clean, skipped X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1754545902982298345?= X-GMAIL-MSGID: =?utf-8?q?1754545902982298345?= Date: Tue, 20 Dec 2022 15:29:23 +0300 Subject: [PATCH] netfilter: ipset: Fix overflow before widen in the bitmap_ip_create() function.@@ When first_ip is 0, last_ip is 0xFFFFFFF, and netmask is 31, the value of an arithmetic expression 2 << (netmask - mask_bits - 1) is subject to overflow due to a failure casting operands to a larger data type before performing the arithmetic. Note that it's harmless since the value will be checked at the next step. Found by InfoTeCS on behalf of Linux Verification Center (linuxtesting.org) with SVACE. Fixes: b9fed748185a ("netfilter: ipset: Check and reject crazy /0 input parameters") Signed-off-by: Ilia.Gavrilov --- net/netfilter/ipset/ip_set_bitmap_ip.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- 2.30.2 С уважением, Илья Гаврилов Ведущий программист Отдел разработки АО "ИнфоТеКС" в г. Санкт-Петербург 127287, г. Москва, Старый Петровско-Разумовский проезд, дом 1/23, стр. 1 T: +7 495 737-61-92 ( доб. 4921) Ф: +7 495 737-72-78 Ilia.Gavrilov@infotecs.ru www.infotecs.ru diff --git a/net/netfilter/ipset/ip_set_bitmap_ip.c b/net/netfilter/ipset/ip_set_bitmap_ip.c index a8ce04a4bb72..b8f0fb37378f 100644 --- a/net/netfilter/ipset/ip_set_bitmap_ip.c +++ b/net/netfilter/ipset/ip_set_bitmap_ip.c @@ -309,7 +309,7 @@ bitmap_ip_create(struct net *net, struct ip_set *set, struct nlattr *tb[], pr_debug("mask_bits %u, netmask %u\n", mask_bits, netmask); hosts = 2 << (32 - netmask - 1); -elements = 2 << (netmask - mask_bits - 1); +elements = 2UL << (netmask - mask_bits - 1); } if (elements > IPSET_BITMAP_MAX_RANGE + 1) return -IPSET_ERR_BITMAP_RANGE_SIZE;