git.baikalelectronics.ru Git - kernel.git/commit
netfilter: ipset: regression in ip_set_hash_ip.c
author Vishwanath Pai <vpai@akamai.com>
Wed, 28 Sep 2022 18:26:50 +0000 (14:26 -0400)
committer Pablo Neira Ayuso <pablo@netfilter.org>
Mon, 21 Nov 2022 14:00:45 +0000 (15:00 +0100)
commit fbb8da713be7e9d1dbd0ca212cd171a4ae6fdbb0
tree edfa9b828e556bcb0c90e07f033e48d7db6ebf5f
parent 4eba5be983686b65cb81eff9dc590f0ebf22e51e
netfilter: ipset: regression in ip_set_hash_ip.c

This patch introduced a regression: commit 789092b9d3d4 ("netfilter:
ipset: Fix adding an IPv4 range containing more than 2^31 addresses")

The variable e.ip is passed to adtfn() function which finally adds the
ip address to the set. The patch above refactored the for loop and moved
e.ip = htonl(ip) to the end of the for loop.

What this means is that if the value of "ip" changes between the first
assignment of e.ip and the for loop, then e.ip is pointing to a
different ip address than "ip".

Test case:
$ ipset create jdtest_tmp hash:ip family inet hashsize 2048 maxelem 100000
$ ipset add jdtest_tmp 10.0.1.1/31
ipset v6.21.1: Element cannot be added to the set: it's already added

The value of ip gets updated inside the "else if (tb[IPSET_ATTR_CIDR])"
block but e.ip is still pointing to the old value.

Fixes: 789092b9d3d4 ("netfilter: ipset: Fix adding an IPv4 range containing more than 2^31 addresses")
Reviewed-by: Joshua Hunt <johunt@akamai.com>
Signed-off-by: Vishwanath Pai <vpai@akamai.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/netfilter/ipset/ip_set_hash_ip.c
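
The ordering problem the commit message describes, as an added user-space model (not the kernel source and not part of this commit). The names toy_set, toy_add and add_cidr are hypothetical, addresses are kept in host byte order instead of going through htonl(), and the "fixed" ordering (assign e_ip at the top of each iteration) is an assumption inferred from the message, since the diff is not shown on this page.

```c
/* Constructed model of the stale e.ip bug; every name here is hypothetical. */
#include <stdint.h>
#include <stdio.h>

#define TOY_EEXIST (-1)          /* stands in for "already added" */
struct toy_set { uint32_t elem[8]; unsigned n; };

/* Stand-in for adtfn(): add one address, refuse duplicates. */
static int toy_add(struct toy_set *s, uint32_t ip)
{
    for (unsigned i = 0; i < s->n; i++)
        if (s->elem[i] == ip)
            return TOY_EEXIST;
    if (s->n == 8)
        return -2;               /* toy set is full */
    s->elem[s->n++] = ip;
    return 0;
}

/* Add ip/cidr. stale != 0 models the regression: e_ip is refreshed
 * only at the end of each loop iteration. */
static int add_cidr(struct toy_set *s, uint32_t ip, unsigned cidr, int stale)
{
    uint32_t e_ip = ip;          /* first assignment of e.ip */
    uint32_t mask, ip_to;
    int ret;

    if (!cidr || cidr > 32)
        return -3;
    mask = ~UINT32_C(0) << (32 - cidr);
    ip &= mask;                  /* the CIDR block changes ip ... */
    ip_to = ip | ~mask;          /* ... e_ip still holds the old value */
    while (ip <= ip_to) {
        if (!stale)
            e_ip = ip;           /* assumed fix: assign before each add */
        ret = toy_add(s, e_ip);
        if (ret)
            return ret;
        if (++ip == 0)
            return 0;            /* range ended at 255.255.255.255 */
        if (stale)
            e_ip = ip;
    }
    return 0;
}

int main(void)
{
    struct toy_set a = {0}, b = {0};
    printf("stale: %d\n", add_cidr(&a, 0x0A000101, 31, 1)); /* 10.0.1.1/31 */
    printf("fixed: %d\n", add_cidr(&b, 0x0A000101, 31, 0));
}
```

In the model, the stale ordering inserts 10.0.1.1 twice, so the second add reports "already added" and the network address 10.0.1.0 never reaches the set.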