
Commit 48596a8d authored by Jozsef Kadlecsik's avatar Jozsef Kadlecsik Committed by Pablo Neira Ayuso

netfilter: ipset: Fix adding an IPv4 range containing more than 2^31 addresses



A wrong comparison prevented the hash types from adding a range with more than
2^31 addresses, yet the operation was reported as a success.

Fixes Netfilter's bugzilla id #1005, reported by Oleg Serditov and
Oliver Ford.

Signed-off-by: default avatarJozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent 89fcbb56
+12 −10
@@ -123,13 +123,12 @@ hash_ip4_uadt(struct ip_set *set, struct nlattr *tb[],
		return ret;

	ip &= ip_set_hostmask(h->netmask);

	if (adt == IPSET_TEST) {
	e.ip = htonl(ip);
	if (e.ip == 0)
		return -IPSET_ERR_HASH_ELEM;

	if (adt == IPSET_TEST)
		return adtfn(set, &e, &ext, &ext, flags);
	}

	ip_to = ip;
	if (tb[IPSET_ATTR_IP_TO]) {
@@ -148,17 +147,20 @@ hash_ip4_uadt(struct ip_set *set, struct nlattr *tb[],

	hosts = h->netmask == 32 ? 1 : 2 << (32 - h->netmask - 1);

	if (retried)
	if (retried) {
		ip = ntohl(h->next.ip);
	for (; !before(ip_to, ip); ip += hosts) {
		e.ip = htonl(ip);
		if (e.ip == 0)
			return -IPSET_ERR_HASH_ELEM;
	}
	for (; ip <= ip_to;) {
		ret = adtfn(set, &e, &ext, &ext, flags);

		if (ret && !ip_set_eexist(ret, flags))
			return ret;

		ip += hosts;
		e.ip = htonl(ip);
		if (e.ip == 0)
			return 0;

		ret = 0;
	}
	return ret;
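Review bot: When `ip_to` is 0xffffffff the condition `ip <= ip_to` can never become false, so the only exit of the new `for (; ip <= ip_to;)` loop is the `e.ip == 0` test after `ip += hosts`, and that exit is reached only because `ip` is kept a multiple of `hosts` by the `ip &= ip_set_hostmask(h->netmask)` mask in the first hunk, so the wrap lands exactly on 0 instead of skipping past it. That dependency deserves a comment on the `ip += hosts;` line, e.g. `/* ip is a multiple of hosts, so the wrap past 0xffffffff lands on 0: the only exit when ip_to == 0xffffffff */`. The retried entry `ip = ntohl(h->next.ip)` is presumably a value saved from this same loop and therefore aligned as well, but that is not visible here. hash_ip4_uadt starts before the first hunk and its closing brace lies outside the second.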
+1 −1
@@ -149,7 +149,7 @@ hash_ipmark4_uadt(struct ip_set *set, struct nlattr *tb[],

	if (retried)
		ip = ntohl(h->next.ip);
	for (; !before(ip_to, ip); ip++) {
	for (; ip <= ip_to; ip++) {
		e.ip = htonl(ip);
		ret = adtfn(set, &e, &ext, &ext, flags);

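Review bot: `for (; ip <= ip_to; ip++)` no longer terminates when `ip_to` is 0xffffffff: `ip++` wraps the 32-bit value to 0 and `ip <= ip_to` stays true, whereas the old `!before(ip_to, ip)` happened to end the loop there because its signed difference went negative. Whether a range ending in 255.255.255.255 can reach this loop depends on the IP_TO/CIDR parsing above the hunk, which is not visible, but nothing in the hunk rules it out. The same shape is introduced in hash_ipport4_uadt, hash_ipportip4_uadt and hash_ipportnet4_uadt below, and the `while (ip2 <= ip2_to)` loop in the second hash_ipportnet hunk has the same exposure if its advance (outside the hunk) can wrap. The hash_ip4_uadt change covers this with its `e.ip == 0` test after the increment; here a guard as the last statement of the loop body (which continues outside the hunk) would do, `if (ip == ip_to) break;`, while the header test still covers the retried entry where `ip` may already exceed `ip_to`.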
+1 −1
@@ -178,7 +178,7 @@ hash_ipport4_uadt(struct ip_set *set, struct nlattr *tb[],

	if (retried)
		ip = ntohl(h->next.ip);
	for (; !before(ip_to, ip); ip++) {
	for (; ip <= ip_to; ip++) {
		p = retried && ip == ntohl(h->next.ip) ? ntohs(h->next.port)
						       : port;
		for (; p <= port_to; p++) {
+1 −1
@@ -185,7 +185,7 @@ hash_ipportip4_uadt(struct ip_set *set, struct nlattr *tb[],

	if (retried)
		ip = ntohl(h->next.ip);
	for (; !before(ip_to, ip); ip++) {
	for (; ip <= ip_to; ip++) {
		p = retried && ip == ntohl(h->next.ip) ? ntohs(h->next.port)
						       : port;
		for (; p <= port_to; p++) {
+2 −2
@@ -271,7 +271,7 @@ hash_ipportnet4_uadt(struct ip_set *set, struct nlattr *tb[],

	if (retried)
		ip = ntohl(h->next.ip);
	for (; !before(ip_to, ip); ip++) {
	for (; ip <= ip_to; ip++) {
		e.ip = htonl(ip);
		p = retried && ip == ntohl(h->next.ip) ? ntohs(h->next.port)
						       : port;
@@ -281,7 +281,7 @@ hash_ipportnet4_uadt(struct ip_set *set, struct nlattr *tb[],
			      ip == ntohl(h->next.ip) &&
			      p == ntohs(h->next.port)
				? ntohl(h->next.ip2) : ip2_from;
			while (!after(ip2, ip2_to)) {
			while (ip2 <= ip2_to) {
				e.ip2 = htonl(ip2);
				ip2_last = ip_set_range_to_cidr(ip2, ip2_to,
								&cidr);