From c839e87bbb95af6653b31de099deace134db0255 Mon Sep 17 00:00:00 2001
From: Jan Engelhardt <jengelh@inai.de>
Date: Mon, 26 Jun 2017 22:02:35 +0200
Subject: [PATCH] xt_geoip: check for allocation overflow

---
 extensions/xt_geoip.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/extensions/xt_geoip.c b/extensions/xt_geoip.c
index e30c827..27e60a4 100644
--- a/extensions/xt_geoip.c
+++ b/extensions/xt_geoip.c
@@ -75,7 +75,8 @@ geoip_add_node(const struct geoip_country_user __user *umem_ptr,
 
 	if (copy_from_user(&umem, umem_ptr, sizeof(umem)) != 0)
 		return ERR_PTR(-EFAULT);
-
+	if (umem.count > SIZE_MAX / geoproto_size[proto])
+		return ERR_PTR(-E2BIG);
 	p = kmalloc(sizeof(struct geoip_country_kernel), GFP_KERNEL);
 	if (p == NULL)
 		return ERR_PTR(-ENOMEM);