diff options
| author |   Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2017-09-23 23:37:40 +0200 |
|---|---|---|
| committer |   Pablo Neira Ayuso <pablo@netfilter.org> | 2017-09-26 20:15:04 +0200 |
| commit | 48596a8ddc46f96afb6a2cd72787cb15d6bb01fc (patch) | |
| tree | aee6458d67c8ea60bc2287880aab5cc1430d6501 /net/netfilter/ipset/ip_set_hash_netport.c | |
| parent | netfilter: xt_socket: Restore mark from full sockets only (diff) | |
| download | linux-dev-48596a8ddc46f96afb6a2cd72787cb15d6bb01fc.tar.xz linux-dev-48596a8ddc46f96afb6a2cd72787cb15d6bb01fc.zip | |
netfilter: ipset: Fix adding an IPv4 range containing more than 2^31 addresses
Wrong comparison prevented the hash types to add a range with more than
2^31 addresses but reported as a success.
Fixes Netfilter's bugzilla id #1005, reported by Oleg Serditov and
Oliver Ford.
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/netfilter/ipset/ip_set_hash_netport.c')
| -rw-r--r-- | net/netfilter/ipset/ip_set_hash_netport.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/net/netfilter/ipset/ip_set_hash_netport.c b/net/netfilter/ipset/ip_set_hash_netport.c index 54b64b6cd0cd..e6ef382febe4 100644 --- a/net/netfilter/ipset/ip_set_hash_netport.c +++ b/net/netfilter/ipset/ip_set_hash_netport.c @@ -241,7 +241,7 @@ hash_netport4_uadt(struct ip_set *set, struct nlattr *tb[], if (retried) ip = ntohl(h->next.ip); - while (!after(ip, ip_to)) { + while (ip <= ip_to) { e.ip = htonl(ip); last = ip_set_range_to_cidr(ip, ip_to, &cidr); e.cidr = cidr - 1; |