author: Jozsef Kadlecsik <kadlec@netfilter.org> 2020-02-22 11:24:20 +0100
committer: Jozsef Kadlecsik <kadlec@netfilter.org> 2020-02-22 12:13:05 +0100
commit: c281026e0bde52d1de37c72c11ce9bc5538661a4
tree: c05963c2ac4f4546d55e2f649fd45a268fd46d70
parent: aa035df78aa6a2b14b4722a681d3c051bc9cf92e
netfilter: ipset: Fix forceadd evaluation path

When the forceadd option is enabled, the hash:* types should find and replace the first entry in the bucket with the new one if there are no reusable (deleted or timed out) entries. However, the position index was just not set to zero and remained the invalid -1 if there were no reusable entries.

Reported-by: syzbot+6a86565c74ebe30aea18@syzkaller.appspotmail.com
Fixes: 23c42a403a9c ("netfilter: ipset: Introduction of new commands and protocol version 7")
Signed-off-by: Jozsef Kadlecsik <kadlec@netfilter.org>

-rw-r--r-- kernel/net/netfilter/ipset/ip_set_hash_gen.h 2
1 files changed, 2 insertions, 0 deletions
diff --git a/kernel/net/netfilter/ipset/ip_set_hash_gen.h b/kernel/net/netfilter/ipset/ip_set_hash_gen.h
index e5f99ec..e9f2a9f 100644
--- a/kernel/net/netfilter/ipset/ip_set_hash_gen.h
+++ b/kernel/net/netfilter/ipset/ip_set_hash_gen.h
@@ -932,6 +932,8 @@ mtype_add(struct ip_set *set, void *value, const struct ip_set_ext *ext,
}
}
if (reuse || forceadd) {
+ if (j == -1)
+ j = 0;
data = ahash_data(n, j, set->dsize);
if (!deleted) {
#ifdef IP_SET_HASH_WITH_NETS
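
Review bot: the `if (j == -1)` reset at the top of the `if (reuse || forceadd)` block has no comment saying that -1 is the "no reusable slot found" sentinel and that falling back to 0 deliberately overwrites the first entry of the bucket, which is the forceadd behaviour the commit message describes. A one-line comment above the check would make that intent clear to the next reader, since `j` is passed straight into `ahash_data(n, j, set->dsize)` as an element index and a silent fallback to slot 0 looks arbitrary without it. It is also worth stating whether `j == -1` can ever be reached with `reuse` set; if it cannot, testing `forceadd` explicitly in the condition (or noting that in the comment) would document the invariant instead of masking a possible logic error on the reuse path.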