]> git.baikalelectronics.ru Git - kernel.git/commit
projects / kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 02a2ff4) | patch
netfilter: nft_hash: fix hash overflow validation
authorLaura Garcia Liebana <nevola@gmail.com>
Tue, 13 Sep 2016 08:21:46 +0000 (10:21 +0200)
committerPablo Neira Ayuso <pablo@netfilter.org>
Tue, 13 Sep 2016 08:49:23 +0000 (10:49 +0200)
commit8f7eeb9208e7846a5216fb130998170178b0000c
treee84563fdf8f5909a8db22aa7ba8616811033b10atree | snapshot
parent02a2ff4f2bd87e7d225496645996c0a3f32cafb1commit | diff
netfilter: nft_hash: fix hash overflow validation

The overflow validation in the init() function establishes that the
maximum value that the hash could reach is less than U32_MAX, which is
likely to be true.

The fix detects the overflow when the maximum hash value is less than
the offset itself.

Fixes: 6fb9e260b18a ("netfilter: nft_hash: Add hash offset value")
Reported-by: Liping Zhang <liping.zhang@spreadtrum.com>
Signed-off-by: Laura Garcia Liebana <nevola@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/netfilter/nft_hash.c diff | blob | history
Linux Kernel Source Tree.