From 08b3df85d107b2ae58a7a264bcdb1480b29acf98 Mon Sep 17 00:00:00 2001
From: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Date: Tue, 10 Feb 2009 15:38:32 +0100
Subject: Fix possible duplicates in hashesh.

Bug fixed: after elements are added and deleted from a hash, an element
can successfully be added in spite it's already in the hash and thus
duplicates can occur. Bug spotted by Shih-Yi Chen.
---
 kernel/ip_set_ipportnethash.c | 20 +++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)

(limited to 'kernel/ip_set_ipportnethash.c')

diff --git a/kernel/ip_set_ipportnethash.c b/kernel/ip_set_ipportnethash.c
index 87385a3..267370a 100644
--- a/kernel/ip_set_ipportnethash.c
+++ b/kernel/ip_set_ipportnethash.c
@@ -53,8 +53,7 @@ ipportnethash_id_cidr(struct ip_set *set, ip_set_ip_t *hash_ip,
 		elem = HARRAY_ELEM(map->members, struct ipportip *, id);
 		if (elem->ip == *hash_ip && elem->ip1 == ip1)
 			return id;
-		/* No shortcut at testing - there can be deleted
-		 * entries. */
+		/* No shortcut - there can be deleted entries. */
 	}
 	return UINT_MAX;
 }
@@ -137,19 +136,22 @@ __ipportnet_add(struct ip_set_ipportnethash *map,
 {
 	__u32 probe;
 	u_int16_t i;
-	struct ipportip *elem;
+	struct ipportip *elem, *slot = NULL;
 
 	for (i = 0; i < map->probes; i++) {
 		probe = jhash_ip2(map, i, hash_ip, ip1) % map->hashsize;
 		elem = HARRAY_ELEM(map->members, struct ipportip *, probe);
 		if (elem->ip == hash_ip && elem->ip1 == ip1)
 			return -EEXIST;
-		if (!(elem->ip || elem->ip1)) {
-			elem->ip = hash_ip;
-			elem->ip1 = ip1;
-			map->elements++;
-			return 0;
-		}
+		if (!(slot || elem->ip || elem->ip1))
+			slot = elem;
+		/* There can be deleted entries, must check all slots */
+	}
+	if (slot) {
+		slot->ip = hash_ip;
+		slot->ip1 = ip1;
+		map->elements++;
+		return 0;
 	}
 	/* Trigger rehashing */
 	return -EAGAIN;
-- 
cgit v1.2.3