| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 3 Aug 2021 21:30:36 +0200 (CEST)
From: Jozsef Kadlecsik <kadlec@...filter.org>
To: Nathan Chancellor <nathan@...nel.org>
cc: Pablo Neira Ayuso <pablo@...filter.org>,
Florian Westphal <fw@...len.de>,
netfilter-devel@...r.kernel.org, coreteam@...filter.org,
netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
clang-built-linux@...glegroups.com,
Nick Desaulniers <ndesaulniers@...gle.com>,
kernel test robot <lkp@...el.com>
Subject: Re: [PATCH] netfilter: ipset: Fix maximal range check in
hash_ipportnet4_uadt()
Hi,
On Tue, 3 Aug 2021, Nathan Chancellor wrote:
> Clang warns:
>
> net/netfilter/ipset/ip_set_hash_ipportnet.c:249:29: warning: variable
> 'port_to' is uninitialized when used here [-Wuninitialized]
> if (((u64)ip_to - ip + 1)*(port_to - port + 1) > IPSET_MAX_RANGE)
> ^~~~~~~
> net/netfilter/ipset/ip_set_hash_ipportnet.c:167:45: note: initialize the
> variable 'port_to' to silence this warning
> u32 ip = 0, ip_to = 0, p = 0, port, port_to;
> ^
> = 0
> net/netfilter/ipset/ip_set_hash_ipportnet.c:249:39: warning: variable
> 'port' is uninitialized when used here [-Wuninitialized]
> if (((u64)ip_to - ip + 1)*(port_to - port + 1) > IPSET_MAX_RANGE)
> ^~~~
> net/netfilter/ipset/ip_set_hash_ipportnet.c:167:36: note: initialize the
> variable 'port' to silence this warning
> u32 ip = 0, ip_to = 0, p = 0, port, port_to;
> ^
> = 0
> 2 warnings generated.
>
> The range check was added before port and port_to are initialized.
> Shuffle the check after the initialization so that the check works
> properly.
>
> Fixes: 7fb6c63025ff ("netfilter: ipset: Limit the maximal range of consecutive elements to add/delete")
> Reported-by: kernel test robot <lkp@...el.com>
> Signed-off-by: Nathan Chancellor <nathan@...nel.org>
Yes, good catch!
Acked-by: Jozsef Kadlecsik <kadlec@...filter.org>
Best regards,
Jozsef
> ---
> net/netfilter/ipset/ip_set_hash_ipportnet.c | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/net/netfilter/ipset/ip_set_hash_ipportnet.c b/net/netfilter/ipset/ip_set_hash_ipportnet.c
> index b293aa1ff258..7df94f437f60 100644
> --- a/net/netfilter/ipset/ip_set_hash_ipportnet.c
> +++ b/net/netfilter/ipset/ip_set_hash_ipportnet.c
> @@ -246,9 +246,6 @@ hash_ipportnet4_uadt(struct ip_set *set, struct nlattr *tb[],
> ip_set_mask_from_to(ip, ip_to, cidr);
> }
>
> - if (((u64)ip_to - ip + 1)*(port_to - port + 1) > IPSET_MAX_RANGE)
> - return -ERANGE;
> -
> port_to = port = ntohs(e.port);
> if (tb[IPSET_ATTR_PORT_TO]) {
> port_to = ip_set_get_h16(tb[IPSET_ATTR_PORT_TO]);
> @@ -256,6 +253,9 @@ hash_ipportnet4_uadt(struct ip_set *set, struct nlattr *tb[],
> swap(port, port_to);
> }
>
> + if (((u64)ip_to - ip + 1)*(port_to - port + 1) > IPSET_MAX_RANGE)
> + return -ERANGE;
> +
> ip2_to = ip2_from;
> if (tb[IPSET_ATTR_IP2_TO]) {
> ret = ip_set_get_hostipaddr4(tb[IPSET_ATTR_IP2_TO], &ip2_to);
>
> base-commit: 4d3fc8ead710a06c98d36f382777c6a843a83b7c
> --
> 2.33.0.rc0
>
>
-
E-mail : kadlec@...ckhole.kfki.hu, kadlecsik.jozsef@...ner.hu
PGP key : https://wigner.hu/~kadlec/pgp_public_key.txt
Address : Wigner Research Centre for Physics
H-1525 Budapest 114, POB. 49, Hungary
Powered by blists - more mailing lists