Commit 14e2dee0 authored by Laura Garcia Liebana's avatar Laura Garcia Liebana Committed by Pablo Neira Ayuso

netfilter: nft_hash: fix hash overflow validation

The overflow validation in the init() function establishes that the
maximum value that the hash could reach is less than U32_MAX, which is
likely to be true.

The fix detects the overflow when the maximum hash value is less than
the offset itself.

Fixes: 70ca767e ("netfilter: nft_hash: Add hash offset value")
Reported-by: default avatarLiping Zhang <liping.zhang@spreadtrum.com>
Signed-off-by: default avatarLaura Garcia Liebana <nevola@gmail.com>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent 2e917d60
...@@ -76,7 +76,7 @@ static int nft_hash_init(const struct nft_ctx *ctx, ...@@ -76,7 +76,7 @@ static int nft_hash_init(const struct nft_ctx *ctx,
if (priv->modulus <= 1) if (priv->modulus <= 1)
return -ERANGE; return -ERANGE;
if (priv->offset + priv->modulus - 1 < U32_MAX) if (priv->offset + priv->modulus - 1 < priv->offset)
return -EOVERFLOW; return -EOVERFLOW;
priv->seed = ntohl(nla_get_be32(tb[NFTA_HASH_SEED])); priv->seed = ntohl(nla_get_be32(tb[NFTA_HASH_SEED]));
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment