From 76a8ca39b3f95b898cd92546fb87ccaa2d1922c7 Mon Sep 17 00:00:00 2001 |
|
From: Phil Sutter <psutter@redhat.com> |
|
Date: Wed, 20 Jun 2018 09:22:47 +0200 |
|
Subject: [PATCH] hash: Fix potential null-pointer dereference in |
|
hash_expr_cmp() |
|
|
|
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1504157 |
|
Upstream Status: nftables commit 5043a1e4847c0 |
|
|
|
commit 5043a1e4847c0149dabaf0b529a14a43b957e5e4 |
|
Author: Phil Sutter <phil@nwl.cc> |
|
Date: Thu Mar 1 15:00:30 2018 +0100 |
|
|
|
hash: Fix potential null-pointer dereference in hash_expr_cmp() |
|
|
|
The first part of the conditional: |
|
|
|
| (e1->hash.expr || expr_cmp(e1->hash.expr, e2->hash.expr)) |
|
|
|
will call expr_cmp() in case e1->hash.expr is NULL, causing null-pointer |
|
dereference. This is probably a typo, the intention when introducing |
|
this was to avoid the call to expr_cmp() for symmetric hash expressions |
|
which don't use expr->hash.expr. Inverting the existence check should |
|
fix this. |
|
|
|
Fixes: 3a86406729782 ("src: hash: support of symmetric hash") |
|
Cc: Laura Garcia Liebana <nevola@gmail.com> |
|
Signed-off-by: Phil Sutter <phil@nwl.cc> |
|
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> |
|
--- |
|
src/hash.c | 2 +- |
|
1 file changed, 1 insertion(+), 1 deletion(-) |
|
|
|
diff --git a/src/hash.c b/src/hash.c |
|
index 3355cad..e699963 100644 |
|
--- a/src/hash.c |
|
+++ b/src/hash.c |
|
@@ -36,7 +36,7 @@ static void hash_expr_print(const struct expr *expr, struct output_ctx *octx) |
|
|
|
static bool hash_expr_cmp(const struct expr *e1, const struct expr *e2) |
|
{ |
|
- return (e1->hash.expr || |
|
+ return (!e1->hash.expr || |
|
expr_cmp(e1->hash.expr, e2->hash.expr)) && |
|
e1->hash.mod == e2->hash.mod && |
|
e1->hash.seed_set == e2->hash.seed_set && |
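Review bot: The inverted check on the `+` line of hash_expr_cmp() still tests only e1->hash.expr, so the two operands are not handled symmetrically. When e1->hash.expr is NULL and e2->hash.expr is not, this term evaluates to true and equality rests entirely on the remaining comparisons; when e1->hash.expr is set and e2->hash.expr is NULL, expr_cmp() is still called with a NULL second argument, and nothing in this hunk shows whether it tolerates that. Consider requiring both pointers to agree before the call, for example by checking `!e1->hash.expr == !e2->hash.expr` first, or confirm that a comparison outside the visible context already separates symmetric from non-symmetric hash expressions.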
|
-- |
|
1.8.3.1 |
|
|
|
|