git.ipfire.org Git - thirdparty/ipset.git/commit

author	Nathan Chancellor <nathan@kernel.org>
	Tue, 3 Aug 2021 19:31:02 +0000 (21:31 +0200)
committer	Jozsef Kadlecsik <kadlec@netfilter.org>
	Tue, 3 Aug 2021 19:31:02 +0000 (21:31 +0200)
commit	da5454caa3158a59d65c8d6555a773674bb5055b
tree	e1b55886dfeed60918cbb339579a99979e85e829	tree \| snapshot
parent	6722372e98b2b50888e98b2f2c83c84d89ce072e	commit \| diff

netfilter: ipset: Fix maximal range check in hash_ipportnet4_uadt()

Clang warns:

net/netfilter/ipset/ip_set_hash_ipportnet.c:249:29: warning: variable
'port_to' is uninitialized when used here [-Wuninitialized]
        if (((u64)ip_to - ip + 1)*(port_to - port + 1) > IPSET_MAX_RANGE)
                                   ^~~~~~~
net/netfilter/ipset/ip_set_hash_ipportnet.c:167:45: note: initialize the
variable 'port_to' to silence this warning
        u32 ip = 0, ip_to = 0, p = 0, port, port_to;
                                                   ^
                                                    = 0
net/netfilter/ipset/ip_set_hash_ipportnet.c:249:39: warning: variable
'port' is uninitialized when used here [-Wuninitialized]
        if (((u64)ip_to - ip + 1)*(port_to - port + 1) > IPSET_MAX_RANGE)
                                             ^~~~
net/netfilter/ipset/ip_set_hash_ipportnet.c:167:36: note: initialize the
variable 'port' to silence this warning
        u32 ip = 0, ip_to = 0, p = 0, port, port_to;
                                          ^
                                           = 0
2 warnings generated.

The range check was added before port and port_to are initialized.
Shuffle the check after the initialization so that the check works
properly.

Fixes: 7fb6c63025ff ("netfilter: ipset: Limit the maximal range of consecutive elements to
add/delete")

Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: Jozsef Kadlecsik <kadlec@netfilter.org>