forked from luck/tmp_suning_uos_patched
cbd375567f
When userspace passes a large priority value the assignment of the unsigned value hopt->prio to signed int cl->prio causes cl->prio to become negative and the comparison is with TC_HTB_NUMPRIO is always false. The result is that HTB crashes by referencing outside the array when processing packets. With this patch the large value wraps around like other values outside the normal range. See: https://bugzilla.kernel.org/show_bug.cgi?id=60669 Signed-off-by: Stephen Hemminger <stephen@networkplumber.org> Acked-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> |
||
|---|---|---|
| .. | ||
| act_api.c | ||
| act_csum.c | ||
| act_gact.c | ||
| act_ipt.c | ||
| act_mirred.c | ||
| act_nat.c | ||
| act_pedit.c | ||
| act_police.c | ||
| act_simple.c | ||
| act_skbedit.c | ||
| cls_api.c | ||
| cls_basic.c | ||
| cls_cgroup.c | ||
| cls_flow.c | ||
| cls_fw.c | ||
| cls_route.c | ||
| cls_rsvp.c | ||
| cls_rsvp.h | ||
| cls_rsvp6.c | ||
| cls_tcindex.c | ||
| cls_u32.c | ||
| em_canid.c | ||
| em_cmp.c | ||
| em_ipset.c | ||
| em_meta.c | ||
| em_nbyte.c | ||
| em_text.c | ||
| em_u32.c | ||
| ematch.c | ||
| Kconfig | ||
| Makefile | ||
| sch_api.c | ||
| sch_atm.c | ||
| sch_blackhole.c | ||
| sch_cbq.c | ||
| sch_choke.c | ||
| sch_codel.c | ||
| sch_drr.c | ||
| sch_dsmark.c | ||
| sch_fifo.c | ||
| sch_fq_codel.c | ||
| sch_generic.c | ||
| sch_gred.c | ||
| sch_hfsc.c | ||
| sch_htb.c | ||
| sch_ingress.c | ||
| sch_mq.c | ||
| sch_mqprio.c | ||
| sch_multiq.c | ||
| sch_netem.c | ||
| sch_plug.c | ||
| sch_prio.c | ||
| sch_qfq.c | ||
| sch_red.c | ||
| sch_sfb.c | ||
| sch_sfq.c | ||
| sch_tbf.c | ||
| sch_teql.c | ||