Commit 31818213 authored by Jeremy Sowden's avatar Jeremy Sowden Committed by Pablo Neira Ayuso
Browse files

netfilter: bitwise: fix reduce comparisons 



The `nft_bitwise_reduce` and `nft_bitwise_fast_reduce` functions should
compare the bitwise operation in `expr` with the tracked operation
associated with the destination register of `expr`.  However, instead of
being called on `expr` and `track->regs[priv->dreg].selector`,
`nft_expr_priv` is called on `expr` twice, so both reduce functions
return true even when the operations differ.

Fixes: be5650f8 ("netfilter: nft_bitwise: track register operations")
Signed-off-by: default avatarJeremy Sowden <jeremy@azazel.net>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent ad7da1ce

net/netfilter/nft_bitwise.c

+2 −2
Original line number Diff line number Diff line
@@ -290,7 +290,7 @@ static bool nft_bitwise_reduce(struct nft_regs_track *track, 
	if (!track->regs[priv->sreg].selector)

		return false;



	bitwise = nft_expr_priv(expr);

	bitwise = nft_expr_priv(track->regs[priv->dreg].selector);

	if (track->regs[priv->sreg].selector == track->regs[priv->dreg].selector &&

	    track->regs[priv->sreg].num_reg == 0 &&

	    track->regs[priv->dreg].bitwise &&
@@ -442,7 +442,7 @@ static bool nft_bitwise_fast_reduce(struct nft_regs_track *track, 
	if (!track->regs[priv->sreg].selector)

		return false;



	bitwise = nft_expr_priv(expr);

	bitwise = nft_expr_priv(track->regs[priv->dreg].selector);

	if (track->regs[priv->sreg].selector == track->regs[priv->dreg].selector &&

	    track->regs[priv->dreg].bitwise &&

	    track->regs[priv->dreg].bitwise->ops == expr->ops &&