netfilter: nf_nat: fix out-of-bounds access in address selection
authorFlorian Westphal <fw@strlen.de>
Wed, 5 Sep 2012 10:10:28 +0000 (10:10 +0000)
committerPablo Neira Ayuso <pablo@netfilter.org>
Sun, 9 Sep 2012 18:18:55 +0000 (20:18 +0200)
include/linux/jhash.h:138:16: warning: array subscript is above array bounds
[jhash2() expects the number of u32 in the key]

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/netfilter/nf_nat_core.c

index 29d4452351990d20f763d51c269734094a313d47..1816ad381485621ed5d68ff938662636478128fa 100644 (file)
@@ -255,7 +255,7 @@ find_best_ips_proto(u16 zone, struct nf_conntrack_tuple *tuple,
         * client coming from the same IP (some Internet Banking sites
         * like this), even across reboots.
         */
-       j = jhash2((u32 *)&tuple->src.u3, sizeof(tuple->src.u3),
+       j = jhash2((u32 *)&tuple->src.u3, sizeof(tuple->src.u3) / sizeof(u32),
                   range->flags & NF_NAT_RANGE_PERSISTENT ?
                        0 : (__force u32)tuple->dst.u3.all[max] ^ zone);