Re: [PATCH] ipv4: fib_rules: Fix possible infinite loop in fib_empty_table

From: David Miller
Date: Sat Dec 29 2018 - 00:15:11 EST

Next message: David Miller: "Re: [PATCH net] ethtool: check the return value of get_regs_len"
Previous message: David Miller: "Re: [PATCH v3] soc/fsl/qe: fix err handling of ucc_of_parse_tdm"
In reply to: YueHaibing: "[PATCH] ipv4: fib_rules: Fix possible infinite loop in fib_empty_table"
Next in thread: YueHaibing: "Re: [PATCH] ipv4: fib_rules: Fix possible infinite loop in fib_empty_table"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: YueHaibing <yuehaibing@xxxxxxxxxx>
Date: Wed, 26 Dec 2018 16:34:20 +0800

> diff --git a/net/ipv4/fib_rules.c b/net/ipv4/fib_rules.c
> index f8eb78d..1567e12 100644
> --- a/net/ipv4/fib_rules.c
> +++ b/net/ipv4/fib_rules.c
> @@ -200,9 +200,13 @@ static struct fib_table *fib_empty_table(struct net *net)
> {
> u32 id;
>
> - for (id = 1; id <= RT_TABLE_MAX; id++)
> + for (id = 1; id <= RT_TABLE_MAX; id++) {
> if (!fib_get_table(net, id))
> return fib_new_table(net, id);
> +
> + if (id == RT_TABLE_MAX)
> + break;
> + }
> return NULL;
> }

The loop now has two exit conditions, one of which (by your analysis
is completely impossible).

Please clean this up into a loop with better structure and no
impossible tests. One approach could be simply:

id = 1;
while (1) {
...
if (id++ == RT_TABLE_MAX)
break;
}

Or even:

id = 0;
while (++id) {
...
}

Next message: David Miller: "Re: [PATCH net] ethtool: check the return value of get_regs_len"
Previous message: David Miller: "Re: [PATCH v3] soc/fsl/qe: fix err handling of ucc_of_parse_tdm"
In reply to: YueHaibing: "[PATCH] ipv4: fib_rules: Fix possible infinite loop in fib_empty_table"
Next in thread: YueHaibing: "Re: [PATCH] ipv4: fib_rules: Fix possible infinite loop in fib_empty_table"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]