Remove unnecessary uint wraparound checks which prohibited two's
complement representation of negative number in "@" operation.
It is required to test last N bytes of variable length formats and to be
consistent with libxt parser which silently replaces negative number by
its compliment.
For example, --u32 '0&0xFFFF@-4=0' will read IPv4 total length header
then add complement of -4 to test if the last 4 bytes are 0. Previously,
it would never match as (total length)+0xFFFFFFFC always overflow.
Signed-off-by: Takero Funaki <rapha...@gmail.com>
---
net/netfilter/xt_u32.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/net/netfilter/xt_u32.c b/net/netfilter/xt_u32.c
index a95b5034..9de339d 100644
--- a/net/netfilter/xt_u32.c
+++ b/net/netfilter/xt_u32.c
@@ -57,12 +57,12 @@ static bool u32_match_it(const struct xt_u32 *data,
val >>= number;
break;
case XT_U32_AT:
- if (at + val < at)
- return false;
at += val;
pos = number;
- if (at + 4 < at || skb->len < at + 4 ||
- pos > skb->len - at - 4)
+ /* unsigned integer may wraparound
+ * to represent negative offset
+ */
+ if (at + pos > skb->len - 4)
return false;
if (skb_copy_bits(skb, at + pos, &n,
--
1.9.1
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
