Skip to content

Commit

Permalink
netfilter: nf_nat: fix out-of-bounds access in address selection
Browse files Browse the repository at this point in the history 
include/linux/jhash.h:138:16: warning: array subscript is above array bounds
[jhash2() expects the number of u32 in the key]

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  • Loading branch information
Florian Westphal authored and Pablo Neira Ayuso committed Sep 9, 2012
1 parent 00545be commit 5693d68
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion net/netfilter/nf_nat_core.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -255,7 +255,7 @@ find_best_ips_proto(u16 zone, struct nf_conntrack_tuple *tuple,
* client coming from the same IP (some Internet Banking sites
* like this), even across reboots.
*/
j = jhash2((u32 *)&tuple->src.u3, sizeof(tuple->src.u3),
j = jhash2((u32 *)&tuple->src.u3, sizeof(tuple->src.u3) / sizeof(u32),
range->flags & NF_NAT_RANGE_PERSISTENT ?
0 : (__force u32)tuple->dst.u3.all[max] ^ zone);

Expand Down

0 comments on commit 5693d68

Please sign in to comment.