提交 c1216382 编写于 作者: X Xi Wang 提交者: Pablo Neira Ayuso

netfilter: ctnetlink: fix timeout calculation

The sanity check (timeout < 0) never works; the dividend is unsigned
and so is the division, which should have been a signed division.

	long timeout = (ct->timeout.expires - jiffies) / HZ;
	if (timeout < 0)
		timeout = 0;

This patch converts the time values to signed for the division.
Signed-off-by: NXi Wang <xi.wang@gmail.com>
Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
上级 52793dbe
...@@ -135,7 +135,7 @@ ctnetlink_dump_status(struct sk_buff *skb, const struct nf_conn *ct) ...@@ -135,7 +135,7 @@ ctnetlink_dump_status(struct sk_buff *skb, const struct nf_conn *ct)
static inline int static inline int
ctnetlink_dump_timeout(struct sk_buff *skb, const struct nf_conn *ct) ctnetlink_dump_timeout(struct sk_buff *skb, const struct nf_conn *ct)
{ {
long timeout = (ct->timeout.expires - jiffies) / HZ; long timeout = ((long)ct->timeout.expires - (long)jiffies) / HZ;
if (timeout < 0) if (timeout < 0)
timeout = 0; timeout = 0;
...@@ -1641,7 +1641,7 @@ ctnetlink_exp_dump_expect(struct sk_buff *skb, ...@@ -1641,7 +1641,7 @@ ctnetlink_exp_dump_expect(struct sk_buff *skb,
const struct nf_conntrack_expect *exp) const struct nf_conntrack_expect *exp)
{ {
struct nf_conn *master = exp->master; struct nf_conn *master = exp->master;
long timeout = (exp->timeout.expires - jiffies) / HZ; long timeout = ((long)exp->timeout.expires - (long)jiffies) / HZ;
struct nf_conn_help *help; struct nf_conn_help *help;
if (timeout < 0) if (timeout < 0)
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册