Skip to content

Commit

Permalink
netfilter: nft_hash: fix hash overflow validation
Browse files Browse the repository at this point in the history
The overflow validation in the init() function establishes that the
maximum value that the hash could reach is less than U32_MAX, which is
likely to be true.

The fix detects the overflow when the maximum hash value is less than
the offset itself.

Fixes: 70ca767 ("netfilter: nft_hash: Add hash offset value")
Reported-by: Liping Zhang <liping.zhang@spreadtrum.com>
Signed-off-by: Laura Garcia Liebana <nevola@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  • Loading branch information
Laura Garcia Liebana authored and Pablo Neira Ayuso committed Sep 13, 2016
1 parent 2e917d6 commit 14e2dee
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion net/netfilter/nft_hash.c
Original file line number Diff line number Diff line change
Expand Up @@ -76,7 +76,7 @@ static int nft_hash_init(const struct nft_ctx *ctx,
if (priv->modulus <= 1)
return -ERANGE;

if (priv->offset + priv->modulus - 1 < U32_MAX)
if (priv->offset + priv->modulus - 1 < priv->offset)
return -EOVERFLOW;

priv->seed = ntohl(nla_get_be32(tb[NFTA_HASH_SEED]));
Expand Down

0 comments on commit 14e2dee

Please sign in to comment.