summaryrefslogtreecommitdiffstats
path: root/kernel
diff options
context:
space:
mode:
Diffstat (limited to 'kernel')
-rw-r--r--kernel/ChangeLog4
-rw-r--r--kernel/include/linux/netfilter_ipv4/ip_set_ipmap.h4
-rw-r--r--kernel/ip_set_ipportnethash.c11
-rw-r--r--kernel/ip_set_nethash.c18
4 files changed, 19 insertions, 18 deletions
diff --git a/kernel/ChangeLog b/kernel/ChangeLog
index 25006be..292e19f 100644
--- a/kernel/ChangeLog
+++ b/kernel/ChangeLog
@@ -1,3 +1,7 @@
+2.4.4
+ - Premature checking prevents to add valid elements to hash
+ types, fixed (bug reported by JC Janos).
+
2.4.2
- When flushing a nethash/ipportnethash type of set, it can
lead to a kernel crash due to a wrong type declaration,
diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_ipmap.h b/kernel/include/linux/netfilter_ipv4/ip_set_ipmap.h
index 3d800ef..d1381b5 100644
--- a/kernel/include/linux/netfilter_ipv4/ip_set_ipmap.h
+++ b/kernel/include/linux/netfilter_ipv4/ip_set_ipmap.h
@@ -36,7 +36,7 @@ mask_to_bits(ip_set_ip_t mask)
return bits;
maskaddr = 0xFFFFFFFE;
- while (--bits >= 0 && maskaddr != mask)
+ while (--bits > 0 && maskaddr != mask)
maskaddr <<= 1;
return bits;
@@ -48,7 +48,7 @@ range_to_mask(ip_set_ip_t from, ip_set_ip_t to, unsigned int *bits)
ip_set_ip_t mask = 0xFFFFFFFE;
*bits = 32;
- while (--(*bits) >= 0 && mask && (to & mask) != from)
+ while (--(*bits) > 0 && mask && (to & mask) != from)
mask <<= 1;
return mask;
diff --git a/kernel/ip_set_ipportnethash.c b/kernel/ip_set_ipportnethash.c
index 3c7f859..87385a3 100644
--- a/kernel/ip_set_ipportnethash.c
+++ b/kernel/ip_set_ipportnethash.c
@@ -44,6 +44,8 @@ ipportnethash_id_cidr(struct ip_set *set, ip_set_ip_t *hash_ip,
DP("set: %s, ipport:%u.%u.%u.%u:%u, %u.%u.%u.%u",
set->name, HIPQUAD(ip), port, HIPQUAD(*hash_ip));
ip1 = pack_ip_cidr(ip1, cidr);
+ if (!(*hash_ip || ip1))
+ return UINT_MAX;
for (i = 0; i < map->probes; i++) {
id = jhash_ip2(map, i, *hash_ip, ip1) % map->hashsize;
@@ -104,13 +106,10 @@ static int
ipportnethash_utest(struct ip_set *set, const void *data, size_t size,
ip_set_ip_t *hash_ip)
{
- const struct ip_set_ipportnethash *map = set->data;
const struct ip_set_req_ipportnethash *req = data;
if (req->cidr <= 0 || req->cidr > 32)
return -EINVAL;
- if (!(pack_ip_port(map, req->ip, req->port)))
- return -ERANGE;
return (req->cidr == 32
? ipportnethash_test(set, hash_ip, req->ip, req->port,
req->ip1)
@@ -120,7 +119,6 @@ ipportnethash_utest(struct ip_set *set, const void *data, size_t size,
#define KADT_CONDITION \
ip_set_ip_t port, ip1; \
- struct ip_set_ipportnethash *map = set->data; \
\
if (flags[index+2] == 0) \
return 0; \
@@ -129,8 +127,6 @@ ipportnethash_utest(struct ip_set *set, const void *data, size_t size,
ip1 = ipaddr(skb, flags[index+2]); \
\
if (port == INVALID_PORT) \
- return 0; \
- if (!(pack_ip_port(map, ip, port))) \
return 0;
KADT(ipportnethash, test, ipaddr, port, ip1)
@@ -185,10 +181,11 @@ ipportnethash_add(struct ip_set *set, ip_set_ip_t *hash_ip,
return -ERANGE;
*hash_ip = pack_ip_port(map, ip, port);
+ ip1 = pack_ip_cidr(ip1, cidr);
if (!(*hash_ip || ip1))
return -ERANGE;
- ret =__ipportnet_add(map, *hash_ip, pack_ip_cidr(ip1, cidr));
+ ret =__ipportnet_add(map, *hash_ip, ip1);
if (ret == 0) {
if (!map->nets[cidr-1]++)
add_cidr_size(map->cidr, cidr);
diff --git a/kernel/ip_set_nethash.c b/kernel/ip_set_nethash.c
index 9b3d826..d5b7a76 100644
--- a/kernel/ip_set_nethash.c
+++ b/kernel/ip_set_nethash.c
@@ -35,6 +35,8 @@ nethash_id_cidr(const struct ip_set_nethash *map,
ip_set_ip_t *elem;
*hash_ip = pack_ip_cidr(ip, cidr);
+ if (!*hash_ip)
+ return MAX_RANGE;
for (i = 0; i < map->probes; i++) {
id = jhash_ip(map, i, *hash_ip) % map->hashsize;
@@ -67,13 +69,13 @@ nethash_test_cidr(struct ip_set *set, ip_set_ip_t *hash_ip,
{
const struct ip_set_nethash *map = set->data;
- return (ip && nethash_id_cidr(map, hash_ip, ip, cidr) != UINT_MAX);
+ return (nethash_id_cidr(map, hash_ip, ip, cidr) != UINT_MAX);
}
static inline int
nethash_test(struct ip_set *set, ip_set_ip_t *hash_ip, ip_set_ip_t ip)
{
- return (ip && nethash_id(set, hash_ip, ip) != UINT_MAX);
+ return (nethash_id(set, hash_ip, ip) != UINT_MAX);
}
static int
@@ -120,15 +122,15 @@ nethash_add(struct ip_set *set, ip_set_ip_t *hash_ip,
struct ip_set_nethash *map = set->data;
int ret;
- if (!ip || map->elements >= limit)
- return -ERANGE;
+ if (map->elements >= limit || map->nets[cidr-1] == UINT16_MAX)
+ return -ERANGE;
if (cidr <= 0 || cidr >= 32)
return -EINVAL;
- if (map->nets[cidr-1] == UINT16_MAX)
- return -ERANGE;
-
+
*hash_ip = pack_ip_cidr(ip, cidr);
DP("%u.%u.%u.%u/%u, %u.%u.%u.%u", HIPQUAD(ip), cidr, HIPQUAD(*hash_ip));
+ if (!*hash_ip)
+ return -ERANGE;
ret = __nethash_add(map, hash_ip);
if (ret == 0) {
@@ -164,8 +166,6 @@ nethash_del(struct ip_set *set, ip_set_ip_t *hash_ip,
struct ip_set_nethash *map = set->data;
ip_set_ip_t id, *elem;
- if (!ip)
- return -ERANGE;
if (cidr <= 0 || cidr >= 32)
return -EINVAL;