diff options
author | Patrick McHardy <kaber@trash.net> | 2007-12-17 22:37:03 -0800 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2008-01-28 14:58:55 -0800 |
commit | d978e5daec544ec72b28bf72a30dc9ac3da23a35 (patch) | |
tree | b20f5ecdff8c8ce6c22be48412dadd90686056a0 /net | |
parent | 77236b6e33b06aaf756a86ed1965ca7d460b1b53 (diff) | |
download | kernel-crypto-d978e5daec544ec72b28bf72a30dc9ac3da23a35.tar.gz kernel-crypto-d978e5daec544ec72b28bf72a30dc9ac3da23a35.tar.xz kernel-crypto-d978e5daec544ec72b28bf72a30dc9ac3da23a35.zip |
[NETFILTER]: ctnetlink: fix expectation timeout dumping
When the timer is late its timeout might be before the current time,
in which case a very large value is dumped.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
-rw-r--r-- | net/netfilter/nf_conntrack_netlink.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c index dcd0c9a4bb7..75012585efe 100644 --- a/net/netfilter/nf_conntrack_netlink.c +++ b/net/netfilter/nf_conntrack_netlink.c @@ -1356,7 +1356,10 @@ ctnetlink_exp_dump_expect(struct sk_buff *skb, const struct nf_conntrack_expect *exp) { struct nf_conn *master = exp->master; - __be32 timeout = htonl((exp->timeout.expires - jiffies) / HZ); + long timeout = (exp->timeout.expires - jiffies) / HZ; + + if (timeout < 0) + timeout = 0; if (ctnetlink_exp_dump_tuple(skb, &exp->tuple, CTA_EXPECT_TUPLE) < 0) goto nla_put_failure; @@ -1367,7 +1370,7 @@ ctnetlink_exp_dump_expect(struct sk_buff *skb, CTA_EXPECT_MASTER) < 0) goto nla_put_failure; - NLA_PUT_BE32(skb, CTA_EXPECT_TIMEOUT, timeout); + NLA_PUT_BE32(skb, CTA_EXPECT_TIMEOUT, htonl(timeout)); NLA_PUT_BE32(skb, CTA_EXPECT_ID, htonl((unsigned long)exp)); return 0; |