Commit f9121355 authored by Pablo Neira Ayuso's avatar Pablo Neira Ayuso

netfilter: nft_set_rbtree: incorrect assumption on lower interval lookups

In case of adjacent ranges, we may indeed see either the high part of
the range in first place or the low part of it. Remove this incorrect
assumption, let's make sure we annotate the low part of the interval in
case of we have adjacent interva intervals so we hit a matching in
lookups.
Reported-by: default avatarSimon Hanisch <hanisch@wh2.tu-dresden.de>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent da2f27e9
...@@ -60,11 +60,10 @@ static bool nft_rbtree_lookup(const struct net *net, const struct nft_set *set, ...@@ -60,11 +60,10 @@ static bool nft_rbtree_lookup(const struct net *net, const struct nft_set *set,
d = memcmp(this, key, set->klen); d = memcmp(this, key, set->klen);
if (d < 0) { if (d < 0) {
parent = parent->rb_left; parent = parent->rb_left;
/* In case of adjacent ranges, we always see the high if (interval &&
* part of the range in first place, before the low one. nft_rbtree_equal(set, this, interval) &&
* So don't update interval if the keys are equal. nft_rbtree_interval_end(this) &&
*/ !nft_rbtree_interval_end(interval))
if (interval && nft_rbtree_equal(set, this, interval))
continue; continue;
interval = rbe; interval = rbe;
} else if (d > 0) } else if (d > 0)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment