Re: ipset: usage of unitialized variable ip_to in ip_set_hash_ipportnet.c

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

On Mon, 7 Nov 2011, Witold Baryluk wrote:

> in file et/netfilter/ipset/ip_set_hash_ipportnet.c
> in functionhash_ipportnet4_uadt(...)
> variable u32 ip_to, can be used uninitialized
> in line 283
> 	for (; !before(ip_to, ip); ip++) {
> 
> because, if both tb[IPSET_ATTR_IP_TO] and tb[IPSET_ATTR_CIDR]
> are false, then there is no initialization of ip_to.
> 
>   CC [M]  net/netfilter/ipset/ip_set_hash_ipportnet.o
> net/netfilter/ipset/ip_set_hash_ipportnet.c: In function ?hash_ipportnet4_uadt?:
> include/net/tcp.h:266:28: warning: ?ip_to? may be used uninitialized in this function [-Wuninitialized]
> net/netfilter/ipset/ip_set_hash_ipportnet.c:187:10: note: ?ip_to? was declared here

Which ipset version you are looking at? What gcc version are you running?

ip_to is explicitly initialized to zero in line 187 in the current ipset 
version.
 
> I think this should be fixed be properly initializing / using ip_to,
> or by telling compiler that some of paths will end in initialization.
>  
> Also why on earth a before(a,b) function is used
> to compare IP addresses? Shouldn't before(seq1,seq2) function
> be used only to compare TCP sequnce numbers?!

That's a quick way to avoid wraparound in the for loop.

Best regards,
Jozsef
-
E-mail  : kadlec@xxxxxxxxxxxxxxxxx, kadlec@xxxxxxxxxxxx
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : KFKI Research Institute for Particle and Nuclear Physics
          H-1525 Budapest 114, POB. 49, Hungary
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[Index of Archives]     [Netfitler Users]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux