Hi,
On Mon, 7 Nov 2011, Witold Baryluk wrote:
> in file et/netfilter/ipset/ip_set_hash_ipportnet.c
> in functionhash_ipportnet4_uadt(...)
> variable u32 ip_to, can be used uninitialized
> in line 283
> for (; !before(ip_to, ip); ip++) {
>
> because, if both tb[IPSET_ATTR_IP_TO] and tb[IPSET_ATTR_CIDR]
> are false, then there is no initialization of ip_to.
>
> CC [M] net/netfilter/ipset/ip_set_hash_ipportnet.o
> net/netfilter/ipset/ip_set_hash_ipportnet.c: In function ?hash_ipportnet4_uadt?:
> include/net/tcp.h:266:28: warning: ?ip_to? may be used uninitialized in this function [-Wuninitialized]
> net/netfilter/ipset/ip_set_hash_ipportnet.c:187:10: note: ?ip_to? was declared here
Which ipset version you are looking at? What gcc version are you running?
ip_to is explicitly initialized to zero in line 187 in the current ipset
version.
> I think this should be fixed be properly initializing / using ip_to,
> or by telling compiler that some of paths will end in initialization.
>
> Also why on earth a before(a,b) function is used
> to compare IP addresses? Shouldn't before(seq1,seq2) function
> be used only to compare TCP sequnce numbers?!
That's a quick way to avoid wraparound in the for loop.
Best regards,
Jozsef
-
E-mail : kadlec@xxxxxxxxxxxxxxxxx, kadlec@xxxxxxxxxxxx
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : KFKI Research Institute for Particle and Nuclear Physics
H-1525 Budapest 114, POB. 49, Hungary
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
