Blame netfilter-ipset-Fix-hash-type-expiration.patch
|
|
f4cab3b |
From 7210b25e452780f0792e04dd9f84f3a02c582ab7 Mon Sep 17 00:00:00 2001
|
|
|
f4cab3b |
From: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
|
|
|
f4cab3b |
Date: Sat, 7 Nov 2015 11:23:34 +0100
|
|
|
f4cab3b |
Subject: [PATCH 2/3] netfilter: ipset: Fix hash:* type expiration
|
|
|
f4cab3b |
|
|
|
f4cab3b |
Incorrect index was used when the data blob was shrinked at expiration,
|
|
|
f4cab3b |
which could lead to falsely expired entries and memory leak when
|
|
|
f4cab3b |
the comment extension was used too.
|
|
|
f4cab3b |
|
|
|
f4cab3b |
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
|
|
|
f4cab3b |
---
|
|
|
f4cab3b |
net/netfilter/ipset/ip_set_hash_gen.h | 2 +-
|
|
|
f4cab3b |
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
f4cab3b |
|
|
|
f4cab3b |
diff --git a/net/netfilter/ipset/ip_set_hash_gen.h b/net/netfilter/ipset/ip_set_hash_gen.h
|
|
|
f4cab3b |
index 4ff22194ce55..fa4f6374bb73 100644
|
|
|
f4cab3b |
--- a/net/netfilter/ipset/ip_set_hash_gen.h
|
|
|
f4cab3b |
+++ b/net/netfilter/ipset/ip_set_hash_gen.h
|
|
|
f4cab3b |
@@ -523,7 +523,7 @@ mtype_expire(struct ip_set *set, struct htype *h, u8 nets_length, size_t dsize)
|
|
|
f4cab3b |
continue;
|
|
|
f4cab3b |
data = ahash_data(n, j, dsize);
|
|
|
f4cab3b |
memcpy(tmp->value + d * dsize, data, dsize);
|
|
|
f4cab3b |
- set_bit(j, tmp->used);
|
|
|
f4cab3b |
+ set_bit(d, tmp->used);
|
|
|
f4cab3b |
d++;
|
|
|
f4cab3b |
}
|
|
|
f4cab3b |
tmp->pos = d;
|
|
|
f4cab3b |
--
|
|
|
f4cab3b |
2.4.3
|
|
|
f4cab3b |
|