Commit 8af1c6fb authored by Jozsef Kadlecsik's avatar Jozsef Kadlecsik
Browse files

netfilter: ipset: Fix forceadd evaluation path 



When the forceadd option is enabled, the hash:* types should find and replace
the first entry in the bucket with the new one if there are no reuseable
(deleted or timed out) entries. However, the position index was just not set
to zero and remained the invalid -1 if there were no reuseable entries.

Reported-by: default avatar <syzbot+6a86565c74ebe30aea18@syzkaller.appspotmail.com>
Fixes: 23c42a40 ("netfilter: ipset: Introduction of new commands and protocol version 7")
Signed-off-by: default avatarJozsef Kadlecsik <kadlec@netfilter.org>
parent f66ee041

net/netfilter/ipset/ip_set_hash_gen.h

+2 −0
Original line number Diff line number Diff line
@@ -931,6 +931,8 @@ mtype_add(struct ip_set *set, void *value, const struct ip_set_ext *ext, 
		}

	}

	if (reuse || forceadd) {

		if (j == -1)

			j = 0;

		data = ahash_data(n, j, set->dsize);

		if (!deleted) {

#ifdef IP_SET_HASH_WITH_NETS

CRA Git | Maintained and supported by SUSTech CRA and CCSE