mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2026-07-08 18:13:59 +02:00
icmp: prevent possible overflow in icmp_global_allow()
Following expression can overflow
if sysctl_icmp_msgs_per_sec is big enough.
sysctl_icmp_msgs_per_sec * delta / HZ;
Fixes: 4cdf507d54 ("icmp: add a global rate limitation")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: Kuniyuki Iwashima <kuniyu@google.com>
Link: https://patch.msgid.link/20260216142832.3834174-2-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
This commit is contained in:
committed by
Jakub Kicinski
parent
570e4549f6
commit
034bbd8062
+2
-1
@@ -250,7 +250,8 @@ bool icmp_global_allow(struct net *net)
|
||||
if (delta < HZ / 50)
|
||||
return false;
|
||||
|
||||
incr = READ_ONCE(net->ipv4.sysctl_icmp_msgs_per_sec) * delta / HZ;
|
||||
incr = READ_ONCE(net->ipv4.sysctl_icmp_msgs_per_sec);
|
||||
incr = div_u64((u64)incr * delta, HZ);
|
||||
if (!incr)
|
||||
return false;
|
||||
|
||||
|
||||
Reference in New Issue
Block a user