Message-ID: <202212151110.zPbmpj0L-lkp@intel.com>
Date:   Thu, 15 Dec 2022 12:00:15 +0800
From:   kernel test robot <lkp@...el.com>
To:     Florian Westphal <fw@...len.de>
Cc:     oe-kbuild-all@...ts.linux.dev, linux-kernel@...r.kernel.org,
        Pablo Neira Ayuso <pablo@...filter.org>
Subject: net/netfilter/nf_conntrack_proto.c:167 nf_confirm() warn: unsigned
 'protoff' is never less than zero.

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head:   041fae9c105ae342a4245cf1e0dc56a23fbb9d3c
commit: a70e483460d58e64504dd679fd127e9549385c86 netfilter: conntrack: merge ipv4+ipv6 confirm functions
date:   2 weeks ago
config: parisc-randconfig-m031-20221214
compiler: hppa-linux-gcc (GCC) 12.1.0

If you fix the issue, kindly add the following tag where applicable
| Reported-by: kernel test robot <lkp@...el.com>

smatch warnings:
net/netfilter/nf_conntrack_proto.c:167 nf_confirm() warn: unsigned 'protoff' is never less than zero.

vim +/protoff +167 net/netfilter/nf_conntrack_proto.c

   133	
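/*
 * nf_confirm - run the conntrack helper and sequence adjustment for a
 * packet, then confirm its conntrack entry.
 *
 * @priv:  not referenced by this function
 * @skb:   packet being processed
 * @state: hook state, only consulted through in_vrf_postrouting()
 *
 * Returns NF_ACCEPT when there is no conntrack entry or the packet is in
 * VRF postrouting, the helper's verdict when it is not NF_ACCEPT, NF_DROP
 * when sequence adjustment fails, and otherwise whatever
 * nf_conntrack_confirm() returns.
 */
unsigned int nf_confirm(void *priv,
			struct sk_buff *skb,
			const struct nf_hook_state *state)
{
	const struct nf_conn_help *help;
	enum ip_conntrack_info ctinfo;
	unsigned int protoff;
	struct nf_conn *ct;
	bool seqadj_needed;
	__be16 frag_off;
	int start;
	u8 pnum;

	ct = nf_ct_get(skb, &ctinfo);
	if (!ct || in_vrf_postrouting(state))
		return NF_ACCEPT;

	help = nfct_help(ct);

	seqadj_needed = test_bit(IPS_SEQ_ADJUST_BIT, &ct->status) && !nf_is_loopback_packet(skb);
	/* Nothing needs the transport header offset: confirm right away. */
	if (!help && !seqadj_needed)
		return nf_conntrack_confirm(skb);

	/* helper->help() does not expect ICMP packets */
	if (ctinfo == IP_CT_RELATED_REPLY)
		return nf_conntrack_confirm(skb);

	switch (nf_ct_l3num(ct)) {
	case NFPROTO_IPV4:
		protoff = skb_network_offset(skb) + ip_hdrlen(skb);
		break;
	case NFPROTO_IPV6:
		pnum = ipv6_hdr(skb)->nexthdr;
		/*
		 * ipv6_skip_exthdr() returns a negative int on failure.  Keep
		 * the result in a signed variable so that the error check is
		 * effective: stored directly in the unsigned protoff, the
		 * error value would wrap to a huge offset, "< 0" could never
		 * be true, and the bogus offset would be passed on to the
		 * helper and to nf_ct_seq_adjust() below.
		 */
		start = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr), &pnum, &frag_off);
		/* Also skip helper/seqadj when fragment offset bits are set. */
		if (start < 0 || (frag_off & htons(~0x7)) != 0)
			return nf_conntrack_confirm(skb);
		protoff = start;
		break;
	default:
		/* Unknown L3 protocol: no offset to compute, just confirm. */
		return nf_conntrack_confirm(skb);
	}

	if (help) {
		const struct nf_conntrack_helper *helper;
		int ret;

		/* rcu_read_lock()ed by nf_hook */
		helper = rcu_dereference(help->helper);
		if (helper) {
			ret = helper->help(skb,
					   protoff,
					   ct, ctinfo);
			/* Any verdict other than NF_ACCEPT ends processing here. */
			if (ret != NF_ACCEPT)
				return ret;
		}
	}

	if (seqadj_needed &&
	    !nf_ct_seq_adjust(skb, ct, ctinfo, protoff)) {
		/* Sequence adjustment failed: count the drop and discard. */
		NF_CT_STAT_INC_ATOMIC(nf_ct_net(ct), drop);
		return NF_DROP;
	}

	/* We've seen it coming out the other side: confirm it */
	return nf_conntrack_confirm(skb);
}
EXPORT_SYMBOL_GPL(nf_confirm);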
   199	

-- 
0-DAY CI Kernel Test Service
https://01.org/lkp

View attachment "config" of type "text/plain" (149495 bytes)
