On Thu, Jul 26, 2018 at 12:39:51AM +0900, Taehee Yoo wrote:
> In order to determine the allocation size of a set, ->privsize is invoked.
> At this point, both desc->size and the size of each data structure of the set
> are used. desc->size means the number of elements given by the user.
> desc->size is of type u32, so the upper limit of set elements is 4294967295.
> But the return type of ->privsize is also u32, hence overflow can occur.
> 
> test commands:
>    %nft add table ip filter
>    %nft add set ip filter hash1 { type ipv4_addr \; size 4294967295 \; }
>    %nft list ruleset

Applied, thanks.
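
The wrap described in the quoted commit message, as an added example that is not part of this thread or of the kernel source. The header and per-element sizes (64 and 8 bytes) and all function names are assumptions for illustration; the widened and checked variants are shown as possible ways to avoid the wrap, not as the applied patch.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical sizes (assumptions, not the kernel's real layout). */
#define HDR_SIZE    UINT32_C(64)  /* fixed per-set private header */
#define BUCKET_SIZE UINT32_C(8)   /* per-element bucket slot */

/* Buggy shape: size computed and returned as u32, so it wraps mod 2^32. */
uint32_t privsize_u32(uint32_t nelems)
{
    return HDR_SIZE + nelems * BUCKET_SIZE;
}

/* Widened shape: 64-bit arithmetic and return type hold the true size. */
uint64_t privsize_u64(uint32_t nelems)
{
    return (uint64_t)HDR_SIZE + (uint64_t)nelems * BUCKET_SIZE;
}

/* Checked shape: keep a u32 result but refuse sizes that do not fit. */
int privsize_checked(uint32_t nelems, uint32_t *out)
{
    uint64_t full = privsize_u64(nelems);

    if (full > UINT32_MAX)
        return -1;
    *out = (uint32_t)full;
    return 0;
}

int main(void)
{
    uint32_t nelems = 4294967295u;  /* the size used in the test commands */
    uint32_t fit = 0;

    printf("u32 result: %llu bytes\n",
           (unsigned long long)privsize_u32(nelems));
    printf("u64 result: %llu bytes\n",
           (unsigned long long)privsize_u64(nelems));
    printf("checked:    %s\n",
           privsize_checked(nelems, &fit) ? "rejected" : "accepted");
    return 0;
}
```

With these assumed sizes the u32 variant reports a 56-byte allocation for a set declared with 4294967295 elements, which is the mismatch between allocation size and element count that the commit message is about.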
