On Tue, Sep 13, 2016 at 02:25:03PM +0800, Liping Zhang wrote: > Hi Laura, > > 2016-09-06 14:44 GMT+08:00 Laura Garcia Liebana <nevola@xxxxxxxxx>: > > static int nft_hash_init(const struct nft_ctx *ctx, > > @@ -60,6 +62,11 @@ static int nft_hash_init(const struct nft_ctx *ctx, > > !tb[NFTA_HASH_MODULUS]) > > return -EINVAL; > > > > + if (tb[NFTA_HASH_SUM]) > > + priv->sum = ntohl(nla_get_be32(tb[NFTA_HASH_SUM])); > > + else > > + priv->sum = 0; > > + > > priv->sreg = nft_parse_register(tb[NFTA_HASH_SREG]); > > if (priv->sreg < 0) > > return -ERANGE; > > @@ -77,6 +84,9 @@ static int nft_hash_init(const struct nft_ctx *ctx, > > if (priv->modulus <= 1) > > return -ERANGE; > > > > + if (priv->sum + priv->modulus - 1 < U32_MAX) > > + return -EOVERFLOW; > > I think this judgement here is wrong, it is likely to be true... > > When two integer a and b do addition operation, and the calculation > results satisfy the > following conditions: (a + b < a) or (a + b < b), then we can assure > that integer overflow > happened. > > So the judgement should be converted to: > if (priv->sum + priv->modulus - 1 < priv->sum) > Absolutely true, i'll send a patch to fix that. Thank you! > > + > > priv->seed = ntohl(nla_get_be32(tb[NFTA_HASH_SEED])); > > > > return nft_validate_register_load(priv->sreg, priv->len) && -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
