From 4eec8b3824d49c1c0503ebbf7844a4e312bc29e1 Mon Sep 17 00:00:00 2001
From: "/C=EU/ST=EU/CN=Jozsef Kadlecsik/emailAddress=kadlec@blackhole.kfki.hu"
 </C=EU/ST=EU/CN=Jozsef Kadlecsik/emailAddress=kadlec@blackhole.kfki.hu>
Date: Thu, 13 Nov 2008 09:36:37 +0000
Subject: 2.4.4   - Premature checking prevents to add valid elements to hash  
   types, fixed (bug reported by JC Janos).   - Local variable shadows another
 variable, fixed (reported     by Jan Engelhardt).   - More compiler warning
 options added and warnings fixed.

---
 kernel/ChangeLog                                   |  4 ++++
 kernel/include/linux/netfilter_ipv4/ip_set_ipmap.h |  4 ++--
 kernel/ip_set_ipportnethash.c                      | 11 ++++-------
 kernel/ip_set_nethash.c                            | 18 +++++++++---------
 4 files changed, 19 insertions(+), 18 deletions(-)

(limited to 'kernel')

diff --git a/kernel/ChangeLog b/kernel/ChangeLog
index 25006be..292e19f 100644
--- a/kernel/ChangeLog
+++ b/kernel/ChangeLog
@@ -1,3 +1,7 @@
+2.4.4
+  - Premature checking prevents to add valid elements to hash
+    types, fixed (bug reported by JC Janos).
+
 2.4.2
   - When flushing a nethash/ipportnethash type of set, it can
     lead to a kernel crash due to a wrong type declaration,
diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_ipmap.h b/kernel/include/linux/netfilter_ipv4/ip_set_ipmap.h
index 3d800ef..d1381b5 100644
--- a/kernel/include/linux/netfilter_ipv4/ip_set_ipmap.h
+++ b/kernel/include/linux/netfilter_ipv4/ip_set_ipmap.h
@@ -36,7 +36,7 @@ mask_to_bits(ip_set_ip_t mask)
 		return bits;
 	
 	maskaddr = 0xFFFFFFFE;
-	while (--bits >= 0 && maskaddr != mask)
+	while (--bits > 0 && maskaddr != mask)
 		maskaddr <<= 1;
 	
 	return bits;
@@ -48,7 +48,7 @@ range_to_mask(ip_set_ip_t from, ip_set_ip_t to, unsigned int *bits)
 	ip_set_ip_t mask = 0xFFFFFFFE;
 	
 	*bits = 32;
-	while (--(*bits) >= 0 && mask && (to & mask) != from)
+	while (--(*bits) > 0 && mask && (to & mask) != from)
 		mask <<= 1;
 		
 	return mask;
diff --git a/kernel/ip_set_ipportnethash.c b/kernel/ip_set_ipportnethash.c
index 3c7f859..87385a3 100644
--- a/kernel/ip_set_ipportnethash.c
+++ b/kernel/ip_set_ipportnethash.c
@@ -44,6 +44,8 @@ ipportnethash_id_cidr(struct ip_set *set, ip_set_ip_t *hash_ip,
 	DP("set: %s, ipport:%u.%u.%u.%u:%u, %u.%u.%u.%u",
 	   set->name, HIPQUAD(ip), port, HIPQUAD(*hash_ip));
 	ip1 = pack_ip_cidr(ip1, cidr);
+	if (!(*hash_ip || ip1))
+		return UINT_MAX;
 	
 	for (i = 0; i < map->probes; i++) {
 		id = jhash_ip2(map, i, *hash_ip, ip1) % map->hashsize;
@@ -104,13 +106,10 @@ static int
 ipportnethash_utest(struct ip_set *set, const void *data, size_t size,
 		    ip_set_ip_t *hash_ip)
 {
-	const struct ip_set_ipportnethash *map = set->data;
 	const struct ip_set_req_ipportnethash *req = data;
 
 	if (req->cidr <= 0 || req->cidr > 32)
 		return -EINVAL;
-	if (!(pack_ip_port(map, req->ip, req->port)))
-		return -ERANGE;
 	return (req->cidr == 32 
 		? ipportnethash_test(set, hash_ip, req->ip, req->port,
 				     req->ip1)
@@ -120,7 +119,6 @@ ipportnethash_utest(struct ip_set *set, const void *data, size_t size,
 
 #define KADT_CONDITION						\
 	ip_set_ip_t port, ip1;					\
-	struct ip_set_ipportnethash *map = set->data;		\
 								\
 	if (flags[index+2] == 0)				\
 		return 0;					\
@@ -129,8 +127,6 @@ ipportnethash_utest(struct ip_set *set, const void *data, size_t size,
 	ip1 = ipaddr(skb, flags[index+2]);			\
 								\
 	if (port == INVALID_PORT)				\
-		return 0;					\
-	if (!(pack_ip_port(map, ip, port)))			\
 		return 0;
 
 KADT(ipportnethash, test, ipaddr, port, ip1)
@@ -185,10 +181,11 @@ ipportnethash_add(struct ip_set *set, ip_set_ip_t *hash_ip,
 		return -ERANGE;
 
 	*hash_ip = pack_ip_port(map, ip, port);
+	ip1 = pack_ip_cidr(ip1, cidr);
 	if (!(*hash_ip || ip1))
 		return -ERANGE;
 	
-	ret =__ipportnet_add(map, *hash_ip, pack_ip_cidr(ip1, cidr));
+	ret =__ipportnet_add(map, *hash_ip, ip1);
 	if (ret == 0) {
 		if (!map->nets[cidr-1]++)
 			add_cidr_size(map->cidr, cidr);
diff --git a/kernel/ip_set_nethash.c b/kernel/ip_set_nethash.c
index 9b3d826..d5b7a76 100644
--- a/kernel/ip_set_nethash.c
+++ b/kernel/ip_set_nethash.c
@@ -35,6 +35,8 @@ nethash_id_cidr(const struct ip_set_nethash *map,
 	ip_set_ip_t *elem;
 
 	*hash_ip = pack_ip_cidr(ip, cidr);
+	if (!*hash_ip)
+		return MAX_RANGE;
 	
 	for (i = 0; i < map->probes; i++) {
 		id = jhash_ip(map, i, *hash_ip) % map->hashsize;
@@ -67,13 +69,13 @@ nethash_test_cidr(struct ip_set *set, ip_set_ip_t *hash_ip,
 {
 	const struct ip_set_nethash *map = set->data;
 
-	return (ip && nethash_id_cidr(map, hash_ip, ip, cidr) != UINT_MAX);
+	return (nethash_id_cidr(map, hash_ip, ip, cidr) != UINT_MAX);
 }
 
 static inline int
 nethash_test(struct ip_set *set, ip_set_ip_t *hash_ip, ip_set_ip_t ip)
 {
-	return (ip && nethash_id(set, hash_ip, ip) != UINT_MAX);
+	return (nethash_id(set, hash_ip, ip) != UINT_MAX);
 }
 
 static int
@@ -120,15 +122,15 @@ nethash_add(struct ip_set *set, ip_set_ip_t *hash_ip,
 	struct ip_set_nethash *map = set->data;
 	int ret;
 	
-	if (!ip || map->elements >= limit)
-		return -ERANGE;
+	if (map->elements >= limit || map->nets[cidr-1] == UINT16_MAX)
+		return -ERANGE;	
 	if (cidr <= 0 || cidr >= 32)
 		return -EINVAL;
-	if (map->nets[cidr-1] == UINT16_MAX)
-		return -ERANGE;
-	
+
 	*hash_ip = pack_ip_cidr(ip, cidr);
 	DP("%u.%u.%u.%u/%u, %u.%u.%u.%u", HIPQUAD(ip), cidr, HIPQUAD(*hash_ip));
+	if (!*hash_ip)
+		return -ERANGE;
 	
 	ret = __nethash_add(map, hash_ip);
 	if (ret == 0) {
@@ -164,8 +166,6 @@ nethash_del(struct ip_set *set, ip_set_ip_t *hash_ip,
 	struct ip_set_nethash *map = set->data;
 	ip_set_ip_t id, *elem;
 
-	if (!ip)
-		return -ERANGE;
 	if (cidr <= 0 || cidr >= 32)
 		return -EINVAL;	
 	
-- 
cgit v1.2.3