[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 10 Oct 2007 11:00:17 +0200
From: Anton Arapov <aarapov@...hat.com>
To: "Denis V. Lunev" <den@...nvz.org>
Cc: netdev@...r.kernel.org
Subject: Re: [PATCH] division-by-zero in inet_csk_get_port
Ok, I've got it, so we have to do the same with the following:
quote from inet_hashtables.c and inet6_hashtables.c. I'll prepare the
patch.
And just a curious, does the /* Treat low > high as high == low */
idea will keep after the sysctl will be patched?
int inet_hash_connect(struct inet_timewait_death_row *death_row,
struct sock *sk)
{
struct inet_hashinfo *hinfo = death_row->hashinfo;
const unsigned short snum = inet_sk(sk)->num;
struct inet_bind_hashbucket *head;
struct inet_bind_bucket *tb;
int ret;
if (!snum) {
int low = sysctl_local_port_range[0];
int high = sysctl_local_port_range[1];
> int range = high - low;
int i;
int port;
static u32 hint;
u32 offset = hint + inet_sk_port_offset(sk);
struct hlist_node *node;
struct inet_timewait_sock *tw = NULL;
local_bh_disable();
for (i = 1; i <= range; i++) {
> port = low + (i + offset) % range;
"Denis V. Lunev" <den@...nvz.org> writes:
> This patch fixed a possible division-by-zero in inet_csk_get_port
> treating situation low > high as if low == high.
>
> Signed-off-by: Denis V. Lunev <den@...nvz.org>
> CC: Antov Arapov <aarapov@...hat.com>
>
> --- ./net/ipv4/inet_connection_sock.c.getport 2007-10-09 15:16:02.000000000 +0400
> +++ ./net/ipv4/inet_connection_sock.c 2007-10-10 12:44:04.000000000 +0400
> @@ -80,7 +80,14 @@ int inet_csk_get_port(struct inet_hashin
> int low = sysctl_local_port_range[0];
> int high = sysctl_local_port_range[1];
> int remaining = (high - low) + 1;
> - int rover = net_random() % (high - low) + low;
> + int rover;
> +
> + /* Treat low > high as high == low */
> + if (remaining <= 1) {
> + remaining = 1;
> + rover = low;
> + } else
> + rover = net_random() % (high - low) + low;
>
> do {
> head = &hashinfo->bhash[inet_bhashfn(rover, hashinfo->bhash_size)];
--
Anton Arapov, <aarapov@...hat.com>
Kernel Development, Red Hat
GPG Key ID: 0x6FA8C812
Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists