netfilter: ctnetlink: fix timeout calculation

xiw · ummakynes · commit c121638277a7 · 2011-12-31T16:59:04.000+01:00
The sanity check (timeout &lt; 0) never works; the dividend is unsigned
and so is the division, which should have been a signed division.

	long timeout = (ct-&gt;timeout.expires - jiffies) / HZ;
	if (timeout &lt; 0)
		timeout = 0;

This patch converts the time values to signed for the division.

Signed-off-by: Xi Wang &lt;xi.wang@gmail.com&gt;
Signed-off-by: Pablo Neira Ayuso &lt;pablo@netfilter.org&gt;
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
@@ -135,7 +135,7 @@ ctnetlink_dump_status(struct sk_buff *skb, const struct nf_conn *ct)
 static inline int
 ctnetlink_dump_timeout(struct sk_buff *skb, const struct nf_conn *ct)
 {
-	long timeout = (ct->timeout.expires - jiffies) / HZ;
+	long timeout = ((long)ct->timeout.expires - (long)jiffies) / HZ;
 
 	if (timeout < 0)
 		timeout = 0;
@@ -1641,7 +1641,7 @@ ctnetlink_exp_dump_expect(struct sk_buff *skb,
 			  const struct nf_conntrack_expect *exp)
 {
 	struct nf_conn *master = exp->master;
-	long timeout = (exp->timeout.expires - jiffies) / HZ;
+	long timeout = ((long)exp->timeout.expires - (long)jiffies) / HZ;
 	struct nf_conn_help *help;
 
 	if (timeout < 0)
