search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
(parent: 764f216) | patch
netfilter: x_tables: limit allocation requests for blob rule heads
commit5bcf169444540cbb8646cb415087f5ec83f60432
authorFlorian Westphal <fw@strlen.de>
Tue, 27 Feb 2018 18:42:32 +0000 (27 19:42 +0100)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 26 Apr 2018 09:02:21 +0000 (26 11:02 +0200)
tree25c6024dd85b0228d7b8b964a298329bd67fa07etree | snapshot (tar.gz zip)
parent764f2162d97a498269c9b67607fe163692a79aa7commit | diff
netfilter: x_tables: limit allocation requests for blob rule heads

commit 9d5c12a7c08f67999772065afd50fb222072114e upstream.

This is a very conservative limit (134217728 rules), but good
enough to not trigger frequent oom from syzkaller.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
net/netfilter/x_tables.c diff | blob | blame | history
Linux kernel stable tree