Merge git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf

Pable Neira Ayuso says: ==================== The following patchset contains Netfilter fixes for net: 1) Increase timeout to 120 seconds for netfilter selftests to fix nftables transaction tests, from Florian Westphal. 2) Fix overflow in bitmap_ip_create() due to integer arithmetics in a 64-bit bitmask, from Gavrilov Ilia. 3) Fix incorrect arithmetics in nft_payload with double-tagged vlan matching. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
author: David S. Miller <davem@davemloft.net> 2023-01-16 13:10:16 +0000
committer: David S. Miller <davem@davemloft.net> 2023-01-16 13:10:16 +0000
commit: 21705c771934f24cab8beb554e3b7f40e3511ad7 (patch)
tree: 9ac04c492f0fadec39d313d3d7d72e8e9cb3022f /net
parent: c296c77efb66994d94d9f706446a115581226550 (diff)
parent: 696e1a48b1a1b01edad542a1ef293665864a4dd0 (diff)
download: linux-21705c771934f24cab8beb554e3b7f40e3511ad7.tar.bz2
2 files changed, 3 insertions, 3 deletions
diff --git a/net/netfilter/ipset/ip_set_bitmap_ip.c b/net/netfilter/ipset/ip_set_bitmap_ip.c
index a8ce04a4bb72..e4fa00abde6a 100644
--- a/net/netfilter/ipset/ip_set_bitmap_ip.c
+++ b/net/netfilter/ipset/ip_set_bitmap_ip.c
@@ -308,8 +308,8 @@ bitmap_ip_create(struct net *net, struct ip_set *set, struct nlattr *tb[],
 			return -IPSET_ERR_BITMAP_RANGE;
 
 		pr_debug("mask_bits %u, netmask %u\n", mask_bits, netmask);
-		hosts = 2 << (32 - netmask - 1);
-		elements = 2 << (netmask - mask_bits - 1);
+		hosts = 2U << (32 - netmask - 1);
+		elements = 2UL << (netmask - mask_bits - 1);
 	}
 	if (elements > IPSET_BITMAP_MAX_RANGE + 1)
 		return -IPSET_ERR_BITMAP_RANGE_SIZE;
diff --git a/net/netfilter/nft_payload.c b/net/netfilter/nft_payload.c
index 17b418a5a593..3a3c7746e88f 100644
--- a/net/netfilter/nft_payload.c
+++ b/net/netfilter/nft_payload.c
@@ -63,7 +63,7 @@ nft_payload_copy_vlan(u32 *d, const struct sk_buff *skb, u8 offset, u8 len)
 			return false;
 
 		if (offset + len > VLAN_ETH_HLEN + vlan_hlen)
-			ethlen -= offset + len - VLAN_ETH_HLEN + vlan_hlen;
+			ethlen -= offset + len - VLAN_ETH_HLEN - vlan_hlen;
 
 		memcpy(dst_u8, vlanh + offset - vlan_hlen, ethlen);
author	David S. Miller <davem@davemloft.net>	2023-01-16 13:10:16 +0000
committer	David S. Miller <davem@davemloft.net>	2023-01-16 13:10:16 +0000
commit	21705c771934f24cab8beb554e3b7f40e3511ad7 (patch)
tree	9ac04c492f0fadec39d313d3d7d72e8e9cb3022f /net
parent	c296c77efb66994d94d9f706446a115581226550 (diff)
parent	696e1a48b1a1b01edad542a1ef293665864a4dd0 (diff)
download	linux-21705c771934f24cab8beb554e3b7f40e3511ad7.tar.bz2