Hi Laura,

2016-09-06 14:44 GMT+08:00 Laura Garcia Liebana <nevola@xxxxxxxxx>:
> static int nft_hash_init(const struct nft_ctx *ctx, > @@ -60,6 +62,11 @@ static int nft_hash_init(const struct nft_ctx *ctx, > !tb[NFTA_HASH_MODULUS]) > return -EINVAL; > > + if (tb[NFTA_HASH_SUM]) > + priv->sum = ntohl(nla_get_be32(tb[NFTA_HASH_SUM])); > + else > + priv->sum = 0; > + > priv->sreg = nft_parse_register(tb[NFTA_HASH_SREG]); > if (priv->sreg < 0) > return -ERANGE; > @@ -77,6 +84,9 @@ static int nft_hash_init(const struct nft_ctx *ctx, > if (priv->modulus <= 1) > return -ERANGE; > > + if (priv->sum + priv->modulus - 1 < U32_MAX) > + return -EOVERFLOW;

I think this judgement here is wrong; it is likely to be true...
When two integers a and b are added, and the result satisfies either of the following conditions: (a + b < a) or (a + b < b), then we can be sure that an integer overflow happened.

So the judgement should be converted to:

if (priv->sum + priv->modulus - 1 < priv->sum)

> + > priv->seed = ntohl(nla_get_be32(tb[NFTA_HASH_SEED])); > > return nft_validate_register_load(priv->sreg, priv->len) &&
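
Review bot: In the second hunk, the comparison priv->sum + priv->modulus - 1 < U32_MAX does not detect a wrap. Assuming both fields are u32 (their declarations are not in the visible lines), the wrapped result can never exceed U32_MAX, so the condition is true for every input except the ones whose sum lands exactly on U32_MAX, and a valid configuration such as sum 0 with modulus 2 gets -EOVERFLOW. Compare against an operand instead, for example if (priv->sum + priv->modulus - 1 < priv->sum); the preceding priv->modulus <= 1 check already ensures that modulus - 1 cannot underflow.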
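
The overflow test discussed in the reply, as an added example that is not part of the original message or of the kernel source: it runs the patch's check, the reply's proposed check, and a subtraction form that never performs the wrapping add against 64-bit ground truth. It assumes both fields are 32-bit unsigned and that modulus >= 2 (as the patch enforces); the function names and sample values are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Check as written in the quoted patch: nonzero means "return -EOVERFLOW". */
static int rejects_patch(uint32_t sum, uint32_t modulus)
{
    return sum + modulus - 1 < UINT32_MAX;
}

/* Check proposed in the reply: a wrapped unsigned sum is smaller than an operand. */
static int rejects_reply(uint32_t sum, uint32_t modulus)
{
    return sum + modulus - 1 < sum;
}

/* Equivalent form that never computes the wrapping sum (needs modulus >= 1). */
static int rejects_nowrap(uint32_t sum, uint32_t modulus)
{
    return sum > UINT32_MAX - (modulus - 1);
}

/* Ground truth in 64-bit arithmetic: does sum + modulus - 1 need more than 32 bits? */
static int really_overflows(uint32_t sum, uint32_t modulus)
{
    return (uint64_t)sum + modulus - 1 > UINT32_MAX;
}

/* Constructed sample inputs: two ordinary ranges, one ending exactly at U32_MAX, three that wrap. */
static const struct { uint32_t sum, modulus; } samples[] = {
    { 0, 2 }, { 100, 10 }, { UINT32_MAX - 1, 2 },
    { UINT32_MAX, 2 }, { UINT32_MAX - 5, 100 }, { 0x80000000u, 0x80000001u },
};

/* Number of samples on which a check disagrees with the ground truth. */
static unsigned count_wrong(int (*check)(uint32_t, uint32_t))
{
    unsigned i, wrong = 0;
    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        if (!!check(samples[i].sum, samples[i].modulus) !=
            really_overflows(samples[i].sum, samples[i].modulus))
            wrong++;
    return wrong;
}

int main(void)
{
    printf("patch: %u wrong, reply: %u wrong, nowrap: %u wrong\n",
           count_wrong(rejects_patch), count_wrong(rejects_reply),
           count_wrong(rejects_nowrap));
    return 0;
}
```

The patch's check is wrong only on the two ordinary ranges, which it rejects; it never lets a wrapped value through, so the defect is a false -EOVERFLOW on valid input rather than a missed overflow.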