commit | 8b1836c4b64386e9bc580438cae386ed31a43ab9 | |
---|---|---|
author | Jay Elliott <jelliott@arista.com> | Wed Nov 15 15:01:13 2017 -0800 |
committer | Pablo Neira Ayuso <pablo@netfilter.org> | Tue Nov 28 01:17:04 2017 +0100 |
tree | 0d4f9364bc5ef3f6fbf1ed9ac464262b632f9ffd | |
parent | fbcd253d2448b8f168241e38f629a36c4c8c1e94 | |

netfilter: conntrack: clamp timeouts to INT_MAX

When the conntracking code multiplies a timeout by HZ, it can overflow from positive to negative; this causes it to instantly expire. To protect against this the multiplication is done in 64-bit so we can prevent it from exceeding INT_MAX.

Signed-off-by: Jay Elliott <jelliott@arista.com>
Acked-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
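
The overflow and the clamp described in the commit message, as an added C example that is not the kernel patch itself. It assumes HZ is 1000 and a 32-bit `int`; the function names and the "negative remaining time means expired" model are hypothetical.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

#define HZ 1000u /* assumed tick rate for this example; the real value is a kernel build setting */

/* Before: the product is truncated to 32 bits and then read as a signed value.
 * The two's-complement reinterpretation is spelled out so the result is portable. */
static int timeout_jiffies_wrapping(uint32_t seconds)
{
    uint32_t p = seconds * HZ; /* wraps modulo 2^32 */
    return p <= (uint32_t)INT_MAX ? (int)p : -(int)(UINT32_MAX - p) - 1;
}

/* After: multiply in 64 bits, then clamp so the stored value never exceeds INT_MAX. */
static int timeout_jiffies_clamped(uint32_t seconds)
{
    uint64_t j = (uint64_t)seconds * HZ;
    return j > (uint64_t)INT_MAX ? INT_MAX : (int)j;
}

/* Hypothetical expiry model: an entry with no positive time remaining is expired. */
static int is_expired(int remaining_jiffies)
{
    return remaining_jiffies <= 0;
}

int main(void)
{
    /* Constructed sample timeouts in seconds: 2 minutes, the last value that
     * still fits at HZ=1000, the first that does not, and about 34.7 days. */
    const uint32_t samples[] = { 120u, 2147483u, 2147484u, 3000000u };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        int w = timeout_jiffies_wrapping(samples[i]);
        int c = timeout_jiffies_clamped(samples[i]);
        printf("%10u s  wrapping=%11d expired=%d  clamped=%10d expired=%d\n",
               (unsigned)samples[i], w, is_expired(w), c, is_expired(c));
    }
    return 0;
}
```

With these assumptions, any configured timeout above 2147483 seconds goes negative in the unclamped version, so a longer timeout produces a shorter-lived entry than a short one.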