Re: [PATCH v3] netfilter: ipset: Fix serious failure in CIDR tracking

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Friday 13 September 2013 22:03:36 you wrote:
<snip>
> 
> I couldn't follow your reasoning above, maybe it's just too late here.
> 
> Anyway, I'd like to ask you two small modifications compared to v3 and
> that's all:
> 
> - Change the condition of the first "if" to an inequality, with a
>   continue statement in the if body. Thus the next lines can be shifted
>   to the left, for better readability.

OK, sounds good, I assume you mean v4, since a continue would not be valid in 
v3.

> - Move the "i == net_end" test to the last position, because that is
>   the less likely case.

This would create an error if we reached the very last possible iteration 
(i.e. *i* being 1 less than nets_length) - we need to check if it is equal to 
net_end (i.e. nets_length - 1) in the order it is right now so that we do not 
attempt a memory access beyond the boundary of the array (i.e. the final [i + 
1] check within the if() statement).

I'll land the new patch shortly.

Kind Regards,
Oliver.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




[Index of Archives]     [Netfitler Users]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux