[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20210804084355.GA1483@salvia>
Date: Wed, 4 Aug 2021 10:43:55 +0200
From: Pablo Neira Ayuso <pablo@...filter.org>
To: Nathan Chancellor <nathan@...nel.org>
Cc: Jozsef Kadlecsik <kadlec@...filter.org>,
Florian Westphal <fw@...len.de>,
netfilter-devel@...r.kernel.org, coreteam@...filter.org,
netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
clang-built-linux@...glegroups.com,
Nick Desaulniers <ndesaulniers@...gle.com>,
kernel test robot <lkp@...el.com>
Subject: Re: [PATCH] netfilter: ipset: Fix maximal range check in
hash_ipportnet4_uadt()
On Tue, Aug 03, 2021 at 12:18:13PM -0700, Nathan Chancellor wrote:
> Clang warns:
>
> net/netfilter/ipset/ip_set_hash_ipportnet.c:249:29: warning: variable
> 'port_to' is uninitialized when used here [-Wuninitialized]
> if (((u64)ip_to - ip + 1)*(port_to - port + 1) > IPSET_MAX_RANGE)
> ^~~~~~~
> net/netfilter/ipset/ip_set_hash_ipportnet.c:167:45: note: initialize the
> variable 'port_to' to silence this warning
> u32 ip = 0, ip_to = 0, p = 0, port, port_to;
> ^
> = 0
> net/netfilter/ipset/ip_set_hash_ipportnet.c:249:39: warning: variable
> 'port' is uninitialized when used here [-Wuninitialized]
> if (((u64)ip_to - ip + 1)*(port_to - port + 1) > IPSET_MAX_RANGE)
> ^~~~
> net/netfilter/ipset/ip_set_hash_ipportnet.c:167:36: note: initialize the
> variable 'port' to silence this warning
> u32 ip = 0, ip_to = 0, p = 0, port, port_to;
> ^
> = 0
> 2 warnings generated.
>
> The range check was added before port and port_to are initialized.
> Shuffle the check after the initialization so that the check works
> properly.
For the record: I have squashed this fix into the original patch in
nf.git to make it easier to pass it on to -stable.
Thanks.
Powered by blists - more mailing lists