9d5c12a7c08f67999772065afd50fb222072114e - SHIFTPHONES/kernel/common

commit	9d5c12a7c08f67999772065afd50fb222072114e	[log] [tgz]
author	Florian Westphal <fw@strlen.de>	Tue Feb 27 19:42:32 2018 +0100
committer	Pablo Neira Ayuso <pablo@netfilter.org>	Mon Mar 05 23:15:43 2018 +0100
tree	3fc6bbb9e424e03b5586b585a7e1387e5ba80adf
parent	19926968ea86a286aa6fbea16ee3f2e7442f10f0 [diff]

netfilter: x_tables: limit allocation requests for blob rule heads

This is a very conservative limit (134217728 rules), but good
enough to not trigger frequent oom from syzkaller.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

net/netfilter/x_tables.c[diff]

1 file changed

tree: 3fc6bbb9e424e03b5586b585a7e1387e5ba80adf