git.proxmox.com Git - mirror_ubuntu-jammy-kernel.git/commit
netfilter: ipset: regression in ip_set_hash_ip.c
author Vishwanath Pai <vpai@akamai.com>
Wed, 28 Sep 2022 18:26:50 +0000 (14:26 -0400)
committer Thomas Lamprecht <t.lamprecht@proxmox.com>
Wed, 14 Dec 2022 13:00:27 +0000 (14:00 +0100)
commit 05b058e25608d880ec3a367bffba0d6516e3cc8a
tree 9c1c5b84433853bf524274bdcc5aec95815e565b
parent acf2d38f46d8c10d2b52e8163ce63a58dc97293c

[ Upstream commit c7aa1a76d4a0a3c401025b60c401412bbb60f8c6 ]

This patch introduced a regression: commit 48596a8ddc46 ("netfilter:
ipset: Fix adding an IPv4 range containing more than 2^31 addresses")

The variable e.ip is passed to adtfn() function which finally adds the
ip address to the set. The patch above refactored the for loop and moved
e.ip = htonl(ip) to the end of the for loop.

What this means is that if the value of "ip" changes between the first
assignment of e.ip and the for loop, then e.ip is pointing to a
different ip address than "ip".

Test case:
$ ipset create jdtest_tmp hash:ip family inet hashsize 2048 maxelem 100000
$ ipset add jdtest_tmp 10.0.1.1/31
ipset v6.21.1: Element cannot be added to the set: it's already added

The value of ip gets updated inside the "else if (tb[IPSET_ATTR_CIDR])"
block but e.ip is still pointing to the old value.

Fixes: 48596a8ddc46 ("netfilter: ipset: Fix adding an IPv4 range containing more than 2^31 addresses")
Reviewed-by: Joshua Hunt <johunt@akamai.com>
Signed-off-by: Vishwanath Pai <vpai@akamai.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit 8180099b2aeaa6037f71e87b151f9fab377b7e02)
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
net/netfilter/ipset/ip_set_hash_ip.c
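
A userspace model of the stale e.ip described in the commit message above, added here as an example; it is not taken from ip_set_hash_ip.c or from the commit's diff. set_add() stands in for adtfn(), cidr_range() for the CIDR block, addresses stay in host byte order (htonl() omitted), and add_synced() is an assumed repaired shape, since the page does not show the fix's hunk.

```c
#include <stdint.h>

#define ERR_EXIST (-1)            /* models "it's already added" */
#define ERR_FULL  (-2)            /* model-only: the toy set holds 8 entries */
struct set { uint32_t elem[8]; int n; };

/* Stand-in for adtfn(): add one host-order address, rejecting duplicates. */
static int set_add(struct set *s, uint32_t ip)
{
    for (int i = 0; i < s->n; i++)
        if (s->elem[i] == ip) return ERR_EXIST;
    if (s->n == 8) return ERR_FULL;
    s->elem[s->n++] = ip;
    return 0;
}

/* Models the CIDR block: ip becomes the first address of the prefix. */
static void cidr_range(uint32_t *ip, uint32_t *ip_to, int cidr)
{
    uint32_t mask = cidr ? ~0u << (32 - cidr) : 0;
    *ip &= mask;
    *ip_to = *ip | ~mask;
}

/* Regressed shape: e_ip is set up front and refreshed only at loop end. */
int add_regressed(struct set *s, uint32_t ip, int cidr)
{
    uint32_t ip_to, e_ip = ip;        /* first assignment of e.ip */
    cidr_range(&ip, &ip_to, cidr);    /* ip changes, e_ip is now stale */
    while (ip <= ip_to) {
        int ret = set_add(s, e_ip);   /* first pass adds the stale value */
        if (ret) return ret;
        e_ip = ++ip;                  /* the assignment moved to loop end */
        if (e_ip == 0) break;         /* wrapped past 255.255.255.255 */
    }
    return 0;
}

/* Assumed repaired shape: the element is taken from ip right before each add. */
int add_synced(struct set *s, uint32_t ip, int cidr)
{
    uint32_t ip_to;
    int ret;
    cidr_range(&ip, &ip_to, cidr);
    do {
        ret = set_add(s, ip);
    } while (!ret && ip++ < ip_to);
    return ret;
}
```

With the commit's test input 10.0.1.1/31 (0x0A000101), add_regressed() stores 10.0.1.1, then tries it a second time and returns ERR_EXIST without ever adding 10.0.1.0; add_synced() stores both addresses.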