netfilter: nft_limit: reject configurations that cause integer overflow (bc6e242b) · Commits · Mirrors / git.kernel.org / pub_scm_linux_kernel_git_stable_linux

Commit bc6e242b authored Jan 19, 2024 by

Florian Westphal Committed by Greg Kroah-Hartman Jan 31, 2024

netfilter: nft_limit: reject configurations that cause integer overflow

[ Upstream commit c9d9eb9c ]

Reject bogus configs where internal token counter wraps around.
This only occurs with very very large requests, such as 17gbyte/s.

Its better to reject this rather than having incorrect ratelimit.

Fixes: d2168e84

 ("netfilter: nft_limit: add per-byte limiting")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>

parent c817f5c0

Hide whitespace changes

Inline Side-by-side

Please register or to comment