netfilter: ipset: fix timeout value overflow bug
authorJozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Mon, 7 May 2012 02:35:44 +0000 (02:35 +0000)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sun, 21 Oct 2012 16:28:00 +0000 (09:28 -0700)
commit0fc58b2ff3f70a6bcfac562c68ec62939c37268a
treeb18b3e78186d41acd9c5b1ba73c3e5a3aff807d3
parent7fcbcdc96302e9d3e3b36df4fbc86a4c82761092
netfilter: ipset: fix timeout value overflow bug

commit 127f559127f5175e4bec3dab725a34845d956591 upstream.

Large timeout parameters could result wrong timeout values due to
an overflow at msec to jiffies conversion (reported by Andreas Herz)

[ This patch was mangled by Pablo Neira Ayuso since David Laight and
  Eric Dumazet noticed that we were using hardcoded 1000 instead of
  MSEC_PER_SEC to calculate the timeout ]

Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Acked-by: David Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
include/linux/netfilter/ipset/ip_set_timeout.h
net/netfilter/xt_set.c