iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

netfilter: nf_nat: fix out-of-bounds access in address selection

Browse Source 
include/linux/jhash.h:138:16: warning: array subscript is above array bounds
[jhash2() expects the number of u32 in the key]

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
Florian Westphal 2012-09-05 10:10:28 +00:00 committed by Pablo Neira Ayuso
parent 00545bec94
commit 5693d68df6
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
net/netfilter/nf_nat_core.c
View File

@ -255,7 +255,7 @@ find_best_ips_proto(u16 zone, struct nf_conntrack_tuple *tuple,
* client coming from the same IP (some Internet Banking sites * client coming from the same IP (some Internet Banking sites
* like this), even across reboots. * like this), even across reboots.
*/ */
j = jhash2((u32 *)&tuple->src.u3, sizeof(tuple->src.u3), j = jhash2((u32 *)&tuple->src.u3, sizeof(tuple->src.u3) / sizeof(u32),
range->flags & NF_NAT_RANGE_PERSISTENT ? range->flags & NF_NAT_RANGE_PERSISTENT ?
0 : (__force u32)tuple->dst.u3.all[max] ^ zone); 0 : (__force u32)tuple->dst.u3.all[max] ^ zone);