]> git.karo-electronics.de Git - linux-beck.git/commit
netfilter: nft_hash: fix hash overflow validation
authorLaura Garcia Liebana <nevola@gmail.com>
Tue, 13 Sep 2016 08:21:46 +0000 (10:21 +0200)
committerPablo Neira Ayuso <pablo@netfilter.org>
Tue, 13 Sep 2016 08:49:23 +0000 (10:49 +0200)
commit14e2dee0996f51e0ff0d868497c7e1b90f012665
treee84563fdf8f5909a8db22aa7ba8616811033b10a
parent2e917d602acd9e3e8c6e4c43b213c8929d986503
netfilter: nft_hash: fix hash overflow validation

The overflow validation in the init() function establishes that the
maximum value that the hash could reach is less than U32_MAX, which is
likely to be true.

The fix detects the overflow when the maximum hash value is less than
the offset itself.

Fixes: 70ca767ea1b2 ("netfilter: nft_hash: Add hash offset value")
Reported-by: Liping Zhang <liping.zhang@spreadtrum.com>
Signed-off-by: Laura Garcia Liebana <nevola@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/netfilter/nft_hash.c