summaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorPatrick McHardy <kaber@trash.net>2007-12-17 22:37:03 -0800
committerDavid S. Miller <davem@davemloft.net>2008-01-28 14:58:55 -0800
commitd978e5daec544ec72b28bf72a30dc9ac3da23a35 (patch)
treeb20f5ecdff8c8ce6c22be48412dadd90686056a0 /net
parent77236b6e33b06aaf756a86ed1965ca7d460b1b53 (diff)
downloadkernel-crypto-d978e5daec544ec72b28bf72a30dc9ac3da23a35.tar.gz
kernel-crypto-d978e5daec544ec72b28bf72a30dc9ac3da23a35.tar.xz
kernel-crypto-d978e5daec544ec72b28bf72a30dc9ac3da23a35.zip
[NETFILTER]: ctnetlink: fix expectation timeout dumping
When the timer is late its timeout might be before the current time, in which case a very large value is dumped. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
-rw-r--r--net/netfilter/nf_conntrack_netlink.c7
1 files changed, 5 insertions, 2 deletions
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index dcd0c9a4bb7..75012585efe 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -1356,7 +1356,10 @@ ctnetlink_exp_dump_expect(struct sk_buff *skb,
const struct nf_conntrack_expect *exp)
{
struct nf_conn *master = exp->master;
- __be32 timeout = htonl((exp->timeout.expires - jiffies) / HZ);
+ long timeout = (exp->timeout.expires - jiffies) / HZ;
+
+ if (timeout < 0)
+ timeout = 0;
if (ctnetlink_exp_dump_tuple(skb, &exp->tuple, CTA_EXPECT_TUPLE) < 0)
goto nla_put_failure;
@@ -1367,7 +1370,7 @@ ctnetlink_exp_dump_expect(struct sk_buff *skb,
CTA_EXPECT_MASTER) < 0)
goto nla_put_failure;
- NLA_PUT_BE32(skb, CTA_EXPECT_TIMEOUT, timeout);
+ NLA_PUT_BE32(skb, CTA_EXPECT_TIMEOUT, htonl(timeout));
NLA_PUT_BE32(skb, CTA_EXPECT_ID, htonl((unsigned long)exp));
return 0;