netfilter: ipset: use bitmap infrastructure completely

The bitmap allocation did not use full unsigned long sizes when calculating the required size and that was triggered by KASAN as slab-out-of-bounds read in several places. The patch fixes all of them. Reported-by: [email protected] Reported-by: [email protected] Reported-by: [email protected] Reported-by: [email protected] Reported-by: [email protected] Reported-by: [email protected] Reported-by: [email protected] Signed-off-by: Jozsef Kadlecsik <[email protected]> Signed-off-by: Pablo Neira Ayuso <[email protected]>
author: Kadlecsik József <[email protected]> 2020-01-19 22:06:49 +0100
committer: Pablo Neira Ayuso <[email protected]> 2020-01-20 17:41:45 +0100
commit: 32c72165dbd0e246e69d16a3ad348a4851afd415 (patch)
tree: cf4eab20f76f39b8947f1d2599deb2cda9e15ed1 /include/linux/netfilter
parent: 7eaecf7963c1c8f62d62c6a8e7c439b0e7f2d365 (diff)
1 files changed, 0 insertions, 7 deletions
diff --git a/include/linux/netfilter/ipset/ip_set.h b/include/linux/netfilter/ipset/ip_set.h
index 4d8b1eaf7708..908d38dbcb91 100644
--- a/include/linux/netfilter/ipset/ip_set.h
+++ b/include/linux/netfilter/ipset/ip_set.h
@@ -426,13 +426,6 @@ ip6addrptr(const struct sk_buff *skb, bool src, struct in6_addr *addr)
 	       sizeof(*addr));
 }
 
-/* Calculate the bytes required to store the inclusive range of a-b */
-static inline int
-bitmap_bytes(u32 a, u32 b)
-{
-	return 4 * ((((b - a + 8) / 8) + 3) / 4);
-}
-
 /* How often should the gc be run by default */
 #define IPSET_GC_TIME			(3 * 60)
author	Kadlecsik József <[email protected]>	2020-01-19 22:06:49 +0100
committer	Pablo Neira Ayuso <[email protected]>	2020-01-20 17:41:45 +0100
commit	32c72165dbd0e246e69d16a3ad348a4851afd415 (patch)
tree	cf4eab20f76f39b8947f1d2599deb2cda9e15ed1 /include/linux/netfilter
parent	7eaecf7963c1c8f62d62c6a8e7c439b0e7f2d365 (diff)