mirror of https://gitee.com/openkylin/linux.git
netfilter: fix hardcoded size assumptions
get_random_bytes() is sometimes called with a hard-coded size that assumes the size of an integer. That assumption may not hold true in the centuries to come. This patch replaces it with a compile-time statement. Signed-off-by: Hagen Paul Pfeifer <hagen@jauu.net> Signed-off-by: Patrick McHardy <kaber@trash.net>
parent
e478075c6f
commit
af07d241dc
|
@ -472,7 +472,8 @@ struct nf_conn *nf_conntrack_alloc(struct net *net,
|
|||
struct nf_conn *ct;
|
||||
|
||||
if (unlikely(!nf_conntrack_hash_rnd_initted)) {
|
||||
get_random_bytes(&nf_conntrack_hash_rnd, 4);
|
||||
get_random_bytes(&nf_conntrack_hash_rnd,
|
||||
sizeof(nf_conntrack_hash_rnd));
|
||||
nf_conntrack_hash_rnd_initted = 1;
|
||||
}
|
||||
|
||||
|
@ -1103,7 +1104,7 @@ int nf_conntrack_set_hashsize(const char *val, struct kernel_param *kp)
|
|||
|
||||
/* We have to rehahs for the new table anyway, so we also can
|
||||
* use a newrandom seed */
|
||||
get_random_bytes(&rnd, 4);
|
||||
get_random_bytes(&rnd, sizeof(rnd));
|
||||
|
||||
/* Lookups in the old hash might happen in parallel, which means we
|
||||
* might get false negatives during connection lookup. New connections
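Review bot: The seeding block in nf_conntrack_alloc() remains an unsynchronised check-then-set on `nf_conntrack_hash_rnd_initted`; nothing visible in the hunk prevents two CPUs from both seeing the flag clear and each calling get_random_bytes(), so an entry hashed under the first seed could be missed by lookups that use the second. The same pattern is in the nf_ct_expect_dst_hash() hunk and, unless a table lock is held by its callers, in the dsthash_alloc_init() hunk. If no lock outside these hunks covers it, I would draw the value into a local and publish it once, e.g. `cmpxchg(&nf_conntrack_hash_rnd, 0, rand);`, or seed at init time and drop the flag. All three function bodies start and end outside the hunks shown, so this is inferred from the visible lines only.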
|
||||
|
|
|
@ -72,7 +72,8 @@ static unsigned int nf_ct_expect_dst_hash(const struct nf_conntrack_tuple *tuple
|
|||
unsigned int hash;
|
||||
|
||||
if (unlikely(!nf_ct_expect_hash_rnd_initted)) {
|
||||
get_random_bytes(&nf_ct_expect_hash_rnd, 4);
|
||||
get_random_bytes(&nf_ct_expect_hash_rnd,
|
||||
sizeof(nf_ct_expect_hash_rnd));
|
||||
nf_ct_expect_hash_rnd_initted = 1;
|
||||
}
|
||||
|
||||
|
|
|
@ -149,7 +149,7 @@ dsthash_alloc_init(struct xt_hashlimit_htable *ht,
|
|||
/* initialize hash with random val at the time we allocate
|
||||
* the first hashtable entry */
|
||||
if (!ht->rnd_initialized) {
|
||||
get_random_bytes(&ht->rnd, 4);
|
||||
get_random_bytes(&ht->rnd, sizeof(ht->rnd));
|
||||
ht->rnd_initialized = 1;
|
||||
}
|
||||
|
||||
|
|