netfilter: nft_hash: fix hash overflow validation
The overflow validation in the init() function establishes that the
maximum value that the hash could reach is less than U32_MAX, which is
likely to be true.
The fix detects the overflow when the maximum hash value is less than
the offset itself.
Fixes: 70ca767ea1
("netfilter: nft_hash: Add hash offset value")
Reported-by: Liping Zhang <liping.zhang@spreadtrum.com>
Signed-off-by: Laura Garcia Liebana <nevola@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
parent
2e917d602a
commit
14e2dee099
@ -76,7 +76,7 @@ static int nft_hash_init(const struct nft_ctx *ctx,
|
||||
if (priv->modulus <= 1)
|
||||
return -ERANGE;
|
||||
|
||||
if (priv->offset + priv->modulus - 1 < U32_MAX)
|
||||
if (priv->offset + priv->modulus - 1 < priv->offset)
|
||||
return -EOVERFLOW;
|
||||
|
||||
priv->seed = ntohl(nla_get_be32(tb[NFTA_HASH_SEED]));
|
||||
|
Loading…
Reference in New Issue
Block a user