| From a43ff8e0168aa071b98b238c6806cc05e143bc5f Mon Sep 17 00:00:00 2001 |
| From: Jozsef Kadlecsik <kadlec@netfilter.org> |
| Date: Sat, 22 Feb 2020 12:01:43 +0100 |
| Subject: [PATCH] netfilter: ipset: Fix forceadd evaluation path |
| |
| commit 8af1c6fbd9239877998c7f5a591cb2c88d41fb66 upstream. |
| |
| When the forceadd option is enabled, the hash:* types should find and replace |
| the first entry in the bucket with the new one if there are no reusable |
| (deleted or timed out) entries. However, the position index was never set |
| to zero and remained the invalid -1 if there were no reusable entries. |
| |
| Reported-by: syzbot+6a86565c74ebe30aea18@syzkaller.appspotmail.com |
| Fixes: 23c42a403a9c ("netfilter: ipset: Introduction of new commands and protocol version 7") |
| Signed-off-by: Jozsef Kadlecsik <kadlec@netfilter.org> |
| Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> |
| |
| diff --git a/net/netfilter/ipset/ip_set_hash_gen.h b/net/netfilter/ipset/ip_set_hash_gen.h |
| index 3852332d3944..c6f8a0ee4e3b 100644 |
| --- a/net/netfilter/ipset/ip_set_hash_gen.h |
| +++ b/net/netfilter/ipset/ip_set_hash_gen.h |
| @@ -932,6 +932,8 @@ mtype_add(struct ip_set *set, void *value, const struct ip_set_ext *ext, |
| } |
| } |
| if (reuse || forceadd) { |
| + if (j == -1) |
| + j = 0; |
| data = ahash_data(n, j, set->dsize); |
| if (!deleted) { |
| #ifdef IP_SET_HASH_WITH_NETS |
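Review bot: The added `if (j == -1) j = 0;` in the `reuse || forceadd` branch has no comment explaining the `-1` sentinel or why the first slot is the one overwritten. This matters because the next line passes `j` to `ahash_data(n, j, set->dsize)`, which with `j == -1` would presumably address memory before the bucket's first entry. I would put `/* forceadd and no reusable slot found: evict the first entry of the bucket */` above the check. Slot 0 is only a valid target if the bucket holds at least one entry when forceadd reaches this branch. mtype_add starts and ends outside this hunk, so that guarantee is not visible here and is worth confirming in the code before the hunk.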
| -- |
| 2.7.4 |
| |