Re: [PATCH] ipv4: fib_rules: Fix possible infinite loop in fib_empty_table
From: David Miller
Date: Sat Dec 29 2018 - 00:15:11 EST
From: YueHaibing <yuehaibing@xxxxxxxxxx>
Date: Wed, 26 Dec 2018 16:34:20 +0800
> diff --git a/net/ipv4/fib_rules.c b/net/ipv4/fib_rules.c
> index f8eb78d..1567e12 100644
> --- a/net/ipv4/fib_rules.c
> +++ b/net/ipv4/fib_rules.c
> @@ -200,9 +200,13 @@ static struct fib_table *fib_empty_table(struct net *net)
> {
> u32 id;
>
> - for (id = 1; id <= RT_TABLE_MAX; id++)
> + for (id = 1; id <= RT_TABLE_MAX; id++) {
> if (!fib_get_table(net, id))
> return fib_new_table(net, id);
> +
> + if (id == RT_TABLE_MAX)
> + break;
> + }
> return NULL;
> }
The loop now has two exit conditions, one of which (by your analysis
is completely impossible).
Please clean this up into a loop with better structure and no
impossible tests. One approach could be simply:
id = 1;
while (1) {
...
if (id++ == RT_TABLE_MAX)
break;
}
Or even:
id = 0;
while (++id) {
...
}