]>
Commit | Line | Data |
---|---|---|
88582bb0 FG |
1 | From 6fa9fc0ce1032710ce017c444b0c66eaf9e77782 Mon Sep 17 00:00:00 2001 |
2 | From: Pablo Neira Ayuso <pablo@netfilter.org> | |
3 | Date: Mon, 22 May 2017 00:17:30 +0200 | |
4 | Subject: [PATCH linux] netfilter: nft_set_rbtree: handle re-addition element | |
5 | after deletion | |
6 | ||
7 | The existing code selects no next branch to be inspected when | |
8 | re-inserting an inactive element into the rb-tree, looping endlessly. | |
9 | This patch restricts the check for active elements to the EEXIST case | |
10 | only. | |
11 | ||
12 | Fixes: e701001e7cbe ("netfilter: nft_rbtree: allow adjacent intervals with dynamic updates") | |
13 | Reported-by: Wolfgang Bumiller <w.bumiller@proxmox.com> | |
14 | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> | |
15 | --- | |
16 | net/netfilter/nft_set_rbtree.c | 22 +++++++++++----------- | |
17 | 1 file changed, 11 insertions(+), 11 deletions(-) | |
18 | ||
19 | diff --git a/net/netfilter/nft_set_rbtree.c b/net/netfilter/nft_set_rbtree.c | |
20 | index f06f55e..51ff879 100644 | |
21 | --- a/net/netfilter/nft_set_rbtree.c | |
22 | +++ b/net/netfilter/nft_set_rbtree.c | |
23 | @@ -118,17 +118,17 @@ static int __nft_rbtree_insert(const struct net *net, const struct nft_set *set, | |
24 | else if (d > 0) | |
25 | p = &parent->rb_right; | |
26 | else { | |
27 | - if (nft_set_elem_active(&rbe->ext, genmask)) { | |
28 | - if (nft_rbtree_interval_end(rbe) && | |
29 | - !nft_rbtree_interval_end(new)) | |
30 | - p = &parent->rb_left; | |
31 | - else if (!nft_rbtree_interval_end(rbe) && | |
32 | - nft_rbtree_interval_end(new)) | |
33 | - p = &parent->rb_right; | |
34 | - else { | |
35 | - *ext = &rbe->ext; | |
36 | - return -EEXIST; | |
37 | - } | |
38 | + if (nft_rbtree_interval_end(rbe) && | |
39 | + !nft_rbtree_interval_end(new)) { | |
40 | + p = &parent->rb_left; | |
41 | + } else if (!nft_rbtree_interval_end(rbe) && | |
42 | + nft_rbtree_interval_end(new)) { | |
43 | + p = &parent->rb_right; | |
44 | + } else if (nft_set_elem_active(&rbe->ext, genmask)) { | |
45 | + *ext = &rbe->ext; | |
46 | + return -EEXIST; | |
47 | + } else { | |
48 | + p = &parent->rb_left; | |
49 | } | |
50 | } | |
51 | } | |
52 | -- | |
53 | 2.1.4 | |
54 |