[RH7,1/2] ms/netfilter: ipset: Fix forceadd evaluation path

Submitted by Vasily Averin on Dec. 1, 2020, 8:43 a.m.


Message ID e8364247-1047-ee24-9e3a-f3169ddb0812@virtuozzo.com
State New
Series "Series without cover letter"

Commit Message

Vasily Averin Dec. 1, 2020, 8:43 a.m.
From: Jozsef Kadlecsik <kadlec@netfilter.org>

When the forceadd option is enabled, the hash:* types should find and replace
the first entry in the bucket with the new one if there are no reusable
(deleted or timed out) entries. However, the position index was just not set
to zero and remained the invalid -1 if there were no reusable entries.

Reported-by: syzbot+6a86565c74ebe30aea18@syzkaller.appspotmail.com
Fixes: 23c42a403a9c ("netfilter: ipset: Introduction of new commands and protocol version 7")
Signed-off-by: Jozsef Kadlecsik <kadlec@netfilter.org>

(cherry-picked from commit 8af1c6fbd9239877998c7f5a591cb2c88d41fb66)
Signed-off-by: Vasily Averin <vvs@virtuozzo.com>
 net/netfilter/ipset/ip_set_hash_gen.h | 2 ++
 1 file changed, 2 insertions(+)

Patch

diff --git a/net/netfilter/ipset/ip_set_hash_gen.h b/net/netfilter/ipset/ip_set_hash_gen.h
index aa10e4a..45046e5 100644
--- a/net/netfilter/ipset/ip_set_hash_gen.h
+++ b/net/netfilter/ipset/ip_set_hash_gen.h
@@ -758,6 +758,8 @@  mtype_add(struct ip_set *set, void *value, const struct ip_set_ext *ext,
 	if (reuse || forceadd) {
+		if (j == -1)
+			j = 0;
 		data = ahash_data(n, j, set->dsize);
 		if (!deleted) {
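
Review bot: The added `if (j == -1) j = 0;` at the top of the `reuse || forceadd` branch carries no comment explaining the -1 sentinel, and it runs for both conditions even though the commit message ties the case to forceadd with no reusable entries. A one-line comment stating that `j == -1` means no deleted or timed-out slot was found, and that forceadd then replaces the first entry in the bucket, would make it clear why the index passed to `ahash_data(n, j, set->dsize)` is reset here rather than where `j` is initialised. If the `reuse` case can never arrive with `j == -1`, narrowing the test to `forceadd && j == -1` would document that and avoid silently overwriting slot 0 should that assumption ever break.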