Ok, I've got it, so we have to do the same with the following: quote from inet_hashtables.c and inet6_hashtables.c. I'll prepare the patch.
And just a curious, does the /* Treat low > high as high == low */
idea will keep after the sysctl will be patched?
int inet_hash_connect(struct inet_timewait_death_row *death_row,
struct sock *sk)
{
struct inet_hashinfo *hinfo = death_row->hashinfo;
const unsigned short snum = inet_sk(sk)->num;
struct inet_bind_hashbucket *head;
struct inet_bind_bucket *tb;
int ret;
if (!snum) {
int low = sysctl_local_port_range[0];
int high = sysctl_local_port_range[1];
> int range = high - low;
int i;
int port;
static u32 hint;
u32 offset = hint + inet_sk_port_offset(sk);
struct hlist_node *node;
struct inet_timewait_sock *tw = NULL;
local_bh_disable();
for (i = 1; i <= range; i++) {
> port = low + (i + offset) % range;
"Denis V. Lunev" <[EMAIL PROTECTED]> writes:
> This patch fixed a possible division-by-zero in inet_csk_get_port
> treating situation low > high as if low == high.
>
> Signed-off-by: Denis V. Lunev <[EMAIL PROTECTED]>
> CC: Antov Arapov <[EMAIL PROTECTED]>
>
> --- ./net/ipv4/inet_connection_sock.c.getport 2007-10-09 15:16:02.000000000
> +0400
> +++ ./net/ipv4/inet_connection_sock.c 2007-10-10 12:44:04.000000000 +0400
> @@ -80,7 +80,14 @@ int inet_csk_get_port(struct inet_hashin
> int low = sysctl_local_port_range[0];
> int high = sysctl_local_port_range[1];
> int remaining = (high - low) + 1;
> - int rover = net_random() % (high - low) + low;
> + int rover;
> +
> + /* Treat low > high as high == low */
> + if (remaining <= 1) {
> + remaining = 1;
> + rover = low;
> + } else
> + rover = net_random() % (high - low) + low;
>
> do {
> head = &hashinfo->bhash[inet_bhashfn(rover,
> hashinfo->bhash_size)];
--
Anton Arapov, <[EMAIL PROTECTED]>
Kernel Development, Red Hat
GPG Key ID: 0x6FA8C812
pgp4C9bqqJZFq.pgp
Description: PGP signature
