From: Florian Westphal Date: Wed, 5 Sep 2012 10:10:28 +0000 (+0000) Subject: netfilter: nf_nat: fix out-of-bounds access in address selection X-Git-Tag: firefly_0821_release~3680^2~1949^2~177^2~3 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=5693d68df6883f039d24a4ce8b23ac48f94a73e5;p=firefly-linux-kernel-4.4.55.git netfilter: nf_nat: fix out-of-bounds access in address selection include/linux/jhash.h:138:16: warning: array subscript is above array bounds [jhash2() expects the number of u32 in the key] Signed-off-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso --- diff --git a/net/netfilter/nf_nat_core.c b/net/netfilter/nf_nat_core.c index 29d445235199..1816ad381485 100644 --- a/net/netfilter/nf_nat_core.c +++ b/net/netfilter/nf_nat_core.c @@ -255,7 +255,7 @@ find_best_ips_proto(u16 zone, struct nf_conntrack_tuple *tuple, * client coming from the same IP (some Internet Banking sites * like this), even across reboots. */ - j = jhash2((u32 *)&tuple->src.u3, sizeof(tuple->src.u3), + j = jhash2((u32 *)&tuple->src.u3, sizeof(tuple->src.u3) / sizeof(u32), range->flags & NF_NAT_RANGE_PERSISTENT ? 0 : (__force u32)tuple->dst.u3.all[max] ^ zone);