Commit ecc245c2 authored by Vytas Dauksa's avatar Vytas Dauksa Committed by Jozsef Kadlecsik

netfilter: ipset: Removed invalid IPSET_ATTR_MARKMASK validation

Markmask is an u32, hence it can't be greater then 4294967295 ( i.e.
0xffffffff ). This was causing smatch warning:
 net/netfilter/ipset/ip_set_hash_gen.h:1084 hash_ipmark_create() warn:
 impossible condition '(markmask > 4294967295) => (0-u32max > u32max)'
Signed-off-by: default avatarJozsef Kadlecsik <kadlec@blackhole.kfki.hu>
parent afc5be30
...@@ -1093,7 +1093,7 @@ IPSET_TOKEN(HTYPE, _create)(struct net *net, struct ip_set *set, ...@@ -1093,7 +1093,7 @@ IPSET_TOKEN(HTYPE, _create)(struct net *net, struct ip_set *set,
if (tb[IPSET_ATTR_MARKMASK]) { if (tb[IPSET_ATTR_MARKMASK]) {
markmask = ntohl(nla_get_u32(tb[IPSET_ATTR_MARKMASK])); markmask = ntohl(nla_get_u32(tb[IPSET_ATTR_MARKMASK]));
if ((markmask > 4294967295u) || markmask == 0) if (markmask == 0)
return -IPSET_ERR_INVALID_MARKMASK; return -IPSET_ERR_INVALID_MARKMASK;
} }
#endif #endif
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment