netfilter: nf_tables: fix overrun in nf_tables_set_alloc_name() The map that is used to allocate anonymous sets is indeed BITS_PER_BYTE * PAGE_SIZE long. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

commit: 53b70287ddf487a38b7cbf0a10db28f40714b799 [log] [tgz]
author: Patrick McHardy <kaber@trash.net> Wed Feb 05 12:26:22 2014 +0100
committer: Pablo Neira Ayuso <pablo@netfilter.org> Wed Feb 05 17:46:07 2014 +0100
tree: 314988aaaead3152a8a558d2e886e83b82626e97
parent: e53376bef2cd97d3e3f61fdc677fb8da7d03d0da [diff]
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 9ce3053..2a22a18 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c

@@ -1989,13 +1989,13 @@
 
 			if (!sscanf(i->name, name, &tmp))
 				continue;
-			if (tmp < 0 || tmp > BITS_PER_LONG * PAGE_SIZE)
+			if (tmp < 0 || tmp >= BITS_PER_BYTE * PAGE_SIZE)
 				continue;
 
 			set_bit(tmp, inuse);
 		}
 
-		n = find_first_zero_bit(inuse, BITS_PER_LONG * PAGE_SIZE);
+		n = find_first_zero_bit(inuse, BITS_PER_BYTE * PAGE_SIZE);
 		free_page((unsigned long)inuse);
 	}
commit	53b70287ddf487a38b7cbf0a10db28f40714b799	[log] [tgz]
author	Patrick McHardy <kaber@trash.net>	Wed Feb 05 12:26:22 2014 +0100
committer	Pablo Neira Ayuso <pablo@netfilter.org>	Wed Feb 05 17:46:07 2014 +0100
tree	314988aaaead3152a8a558d2e886e83b82626e97
parent	e53376bef2cd97d3e3f61fdc677fb8da7d03d0da [diff]