net: Limit socket I/O iovec total length to INT_MAX.

[firefly-linux-kernel-4.4.55.git] / net / netfilter / xt_recent.c

diff --git a/net/netfilter/xt_recent.c b/net/netfilter/xt_recent.c
index eb0ceb8465270d355d44842b1b82e91e41b6830e..2f181aa07b0567dc0f443ed680146c5ffa6d8b07 100644 (file)
--- a/net/netfilter/xt_recent.c
+++ b/net/netfilter/xt_recent.c
@@ -173,10 +173,10 @@ recent_entry_init(struct recent_table *t, const union nf_inet_addr *addr,
 
 static void recent_entry_update(struct recent_table *t, struct recent_entry *e)
 {
+       e->index %= ip_pkt_list_tot;
        e->stamps[e->index++] = jiffies;
        if (e->index > e->nstamps)
                e->nstamps = e->index;
-       e->index %= ip_pkt_list_tot;
        list_move_tail(&e->lru_list, &t->lru_list);
 }
 
@@ -260,7 +260,7 @@ recent_mt(const struct sk_buff *skb, const struct xt_match_param *par)
                for (i = 0; i < e->nstamps; i++) {
                        if (info->seconds && time_after(time, e->stamps[i]))
                                continue;
-                       if (++hits >= info->hit_count) {
+                       if (!info->hit_count || ++hits >= info->hit_count) {
                                ret = !ret;
                                break;
                        }