On Wed, Jan 11, 2023 at 01:00:53PM +0100, Simon Horman wrote: > On Wed, Jan 11, 2023 at 11:57:39AM +0000, Gavrilov Ilia wrote: > > [You don't often get email from ilia.gavrilov@xxxxxxxxxxx. Learn why this is important at https://aka.ms/LearnAboutSenderIdentification ] > > > > When first_ip is 0, last_ip is 0xFFFFFFFF, and netmask is 31, the value of > > an arithmetic expression 2 << (netmask - mask_bits - 1) is subject > > to overflow due to a failure casting operands to a larger data type > > before performing the arithmetic. > > > > Note that it's harmless since the value will be checked at the next step. > > > > Found by InfoTeCS on behalf of Linux Verification Center > > (linuxtesting.org) with SVACE. > > > > Fixes: b9fed748185a ("netfilter: ipset: Check and reject crazy /0 input parameters") > > Signed-off-by: Ilia.Gavrilov <Ilia.Gavrilov@xxxxxxxxxxx> > > Reviewed-by: Simon Horman <simon.horman@xxxxxxxxxxxx> Applied, thanks
