lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 4 Aug 2021 10:43:55 +0200 From: Pablo Neira Ayuso <pablo@...filter.org> To: Nathan Chancellor <nathan@...nel.org> Cc: Jozsef Kadlecsik <kadlec@...filter.org>, Florian Westphal <fw@...len.de>, netfilter-devel@...r.kernel.org, coreteam@...filter.org, netdev@...r.kernel.org, linux-kernel@...r.kernel.org, clang-built-linux@...glegroups.com, Nick Desaulniers <ndesaulniers@...gle.com>, kernel test robot <lkp@...el.com> Subject: Re: [PATCH] netfilter: ipset: Fix maximal range check in hash_ipportnet4_uadt() On Tue, Aug 03, 2021 at 12:18:13PM -0700, Nathan Chancellor wrote: > Clang warns: > > net/netfilter/ipset/ip_set_hash_ipportnet.c:249:29: warning: variable > 'port_to' is uninitialized when used here [-Wuninitialized] > if (((u64)ip_to - ip + 1)*(port_to - port + 1) > IPSET_MAX_RANGE) > ^~~~~~~ > net/netfilter/ipset/ip_set_hash_ipportnet.c:167:45: note: initialize the > variable 'port_to' to silence this warning > u32 ip = 0, ip_to = 0, p = 0, port, port_to; > ^ > = 0 > net/netfilter/ipset/ip_set_hash_ipportnet.c:249:39: warning: variable > 'port' is uninitialized when used here [-Wuninitialized] > if (((u64)ip_to - ip + 1)*(port_to - port + 1) > IPSET_MAX_RANGE) > ^~~~ > net/netfilter/ipset/ip_set_hash_ipportnet.c:167:36: note: initialize the > variable 'port' to silence this warning > u32 ip = 0, ip_to = 0, p = 0, port, port_to; > ^ > = 0 > 2 warnings generated. > > The range check was added before port and port_to are initialized. > Shuffle the check after the initialization so that the check works > properly. For the record: I have squashed this fix into the original patch in nf.git to make it easier to pass it on to -stable. Thanks.
Powered by blists - more mailing lists