Re: IPSET iptree problem

On Mon, 27 Aug 2007, Sami Farin wrote:

> Your mask_to_bits function results in an infinite loop if called
> with parameter 1, for example.
>
> If you care only about the first set bit, i.e. you do not bother checking
> whether the netmask is valid, you can use:
>
> static inline unsigned int mask_to_bits(ip_set_ip_t mask)
> {
>         if (mask == 0) return 0;
>         return 33 - ffs(mask);
> }

ipset does not allow passing '1' as the parameter to this function.
But you are right, a malicious root user is able to form a request
which can contain values that are not properly handled.

I can't recall why I did not use ffs in the first place.

Best regards,
Jozsef
-
E-mail  : kadlec@xxxxxxxxxxxxxxxxx, kadlec@xxxxxxxxxxxxxxx
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : KFKI Research Institute for Particle and Nuclear Physics
          H-1525 Budapest 114, POB. 49, Hungary
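
The following is an added example, not part of the original message or of the ipset sources: the ffs-based conversion quoted above next to a variant that also rejects non-contiguous masks before converting. The `ip_set_ip_t` typedef (32-bit, host byte order) and the helper names `mask_is_contiguous` and `mask_to_bits_checked` are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <strings.h>	/* ffs() */

/* Assumption: ip_set_ip_t is a 32-bit value in host byte order. */
typedef uint32_t ip_set_ip_t;

/* The conversion quoted in the message: it looks only at the lowest
 * set bit, so it terminates for every input but accepts any mask. */
static inline unsigned int mask_to_bits(ip_set_ip_t mask)
{
	if (mask == 0)
		return 0;
	return 33 - ffs((int)mask);
}

/* Hypothetical helper: a valid netmask is a run of ones followed by a
 * run of zeros, so its complement has the form 2^k - 1 and shares no
 * bit with its successor. */
static inline int mask_is_contiguous(ip_set_ip_t mask)
{
	ip_set_ip_t inv = ~mask;

	return (inv & (inv + 1)) == 0;
}

/* Hypothetical checked variant: prefix length 0..32, or -1 when the
 * value handed over by the caller is not a valid netmask. */
static inline int mask_to_bits_checked(ip_set_ip_t mask)
{
	if (!mask_is_contiguous(mask))
		return -1;
	return (int)mask_to_bits(mask);
}

int main(void)
{
	/* Constructed sample values, including the '1' from the report. */
	const ip_set_ip_t samples[] = {
		0xFFFFFF00u, 0xFFFFFFFFu, 0x00000000u, 0x00000001u, 0xFF00FF00u
	};

	for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
		printf("mask 0x%08X: unchecked=%u checked=%d\n",
		       (unsigned int)samples[i], mask_to_bits(samples[i]),
		       mask_to_bits_checked(samples[i]));
	return 0;
}
```
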

