authorLaura Garcia Liebana2016-09-13 10:21:46 +0200
committerPablo Neira Ayuso2016-09-13 10:49:23 +0200
commit14e2dee0996f51e0ff0d868497c7e1b90f012665 (patch)
treee84563fdf8f5909a8db22aa7ba8616811033b10a /net/netfilter/nft_hash.c
parentnetfilter: nft_numgen: fix race between num generate and store it (diff)
netfilter: nft_hash: fix hash overflow validation
The overflow validation in the init() function establishes that the maximum value that the hash could reach is less than U32_MAX, which is likely to be true. The fix detects the overflow when the maximum hash value is less than the offset itself. Fixes: 70ca767ea1b2 ("netfilter: nft_hash: Add hash offset value") Reported-by: Liping Zhang <liping.zhang@spreadtrum.com> Signed-off-by: Laura Garcia Liebana <nevola@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/netfilter/nft_hash.c')
-rw-r--r--net/netfilter/nft_hash.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/net/netfilter/nft_hash.c b/net/netfilter/nft_hash.c
index bd12f7a801c2..09473b415b95 100644
--- a/net/netfilter/nft_hash.c
+++ b/net/netfilter/nft_hash.c
@@ -76,7 +76,7 @@ static int nft_hash_init(const struct nft_ctx *ctx,
if (priv->modulus <= 1)
return -ERANGE;
- if (priv->offset + priv->modulus - 1 < U32_MAX)
+ if (priv->offset + priv->modulus - 1 < priv->offset)
return -EOVERFLOW;
priv->seed = ntohl(nla_get_be32(tb[NFTA_HASH_SEED]));
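Review bot: The new test on the `priv->offset + priv->modulus - 1 < priv->offset` line is only correct if both fields wrap as unsigned 32-bit values and if the `priv->modulus <= 1` guard just above has already run; neither assumption is stated, and the field types are declared outside this hunk. A one-line comment would keep a later reorder or type change from silently disabling this range check on netlink-supplied values, e.g. `/* offset + modulus - 1 must not wrap u32; needs modulus >= 2 (checked above) */`. Alternatively, the bound can be written without relying on wraparound, `if (priv->modulus - 1 > U32_MAX - priv->offset)`, which reads as the limit it enforces. nft_hash_init() starts and ends outside the hunk, so how `priv->offset` is parsed cannot be confirmed from here.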