Commit 5693d68d authored by Florian Westphal's avatar Florian Westphal Committed by Pablo Neira Ayuso
Browse files

netfilter: nf_nat: fix out-of-bounds access in address selection 



include/linux/jhash.h:138:16: warning: array subscript is above array bounds
[jhash2() expects the number of u32 in the key]

Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent 00545bec

net/netfilter/nf_nat_core.c

+1 −1
Original line number Diff line number Diff line
@@ -255,7 +255,7 @@ find_best_ips_proto(u16 zone, struct nf_conntrack_tuple *tuple, 
	 * client coming from the same IP (some Internet Banking sites

	 * like this), even across reboots.

	 */

	j = jhash2((u32 *)&tuple->src.u3, sizeof(tuple->src.u3),

	j = jhash2((u32 *)&tuple->src.u3, sizeof(tuple->src.u3) / sizeof(u32),

		   range->flags & NF_NAT_RANGE_PERSISTENT ?

			0 : (__force u32)tuple->dst.u3.all[max] ^ zone);

CRA Git | Maintained and supported by SUSTech CRA and CCSE