Received: by 2002:a05:6358:16cc:b0:ea:6187:17c9 with SMTP id r12csp9309151rwl; Wed, 11 Jan 2023 04:15:17 -0800 (PST) X-Google-Smtp-Source: AMrXdXu3O4aeJ2yz225JbjIB0OGSwstx3JkxGGXiYltyNKPWDC+L0a3QygdJDKk3uCWkwxvJ2hOo X-Received: by 2002:a17:906:99d6:b0:7c1:7c3a:5c65 with SMTP id s22-20020a17090699d600b007c17c3a5c65mr60300853ejn.4.1673439316857; Wed, 11 Jan 2023 04:15:16 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1673439316; cv=pass; d=google.com; s=arc-20160816; b=khE7sy1Q4T+QXXD7PtyqoHkRdgjoI56Jmbk+HmbioDT4+gjYq1xX4WKQV+wcLPe5bo 8kxRQrpalEARzXufI9sPOqrXYQM1O78cuKjMAX0YXip10VDsXKHBe3lrP0bCIK/LZ+yK /mYYFEVwa47CotdB5udYEZC12sk1ilLGfPZ7xNMXmBR1rNomNPieOSCy6t6Iy//4VwQ+ scoj1of6Nf9HgmBMwLwxF1FSNxUmYjIfAJNuN1AMG0f9orBG1skmlgJIp6u6u7sPl1db 9MirgwmKuoL/HGpjUQ2SVhvmMSZZyozhSeN7OlEuascH8rYa/6Bfi1s2dXaZGXWazwbT XqVg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:in-reply-to:content-disposition :references:message-id:subject:cc:to:from:date:dkim-signature; bh=xM+Y67rayJFCO8PYuv/WQfuDF/jgyhEsl9qMmXR7Scw=; b=LH+PpzvWby0zk+6j7EgT2vcQgKFinwssE9Id7fzJ6F88CdOVsKYSAkd+t5pk8SKMak WD2tjpo5usbrstbaRunwlC+6McM0HxHg8B0QxMEfy5+WbjzFq3MxARGDbsqx88TghOgq iiI/gv1ecnctPapRkvDPr1YDhL8n5oVjZPfKk0rFl3cEGJ8FocDL7haYb0xp97LamS5R 7shsSXhjNW/9miR9PDzxky2UBJ1/uXT3ZFD2zeHwlRl8VWRIb1axgNEuQmfJkCRNTcBy yMWV1bawVJOY5k9RYqcrOj3lV0sVhe2I0paFz6SZuX0O4o6k4FJsM6K6RUT/F5P53Qbu aXJA== ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@corigine.onmicrosoft.com header.s=selector2-corigine-onmicrosoft-com header.b=o+95CzfQ; arc=pass (i=1 spf=pass spfdomain=corigine.com dkim=pass dkdomain=corigine.com dmarc=pass fromdomain=corigine.com); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=corigine.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id ne42-20020a1709077baa00b007bce9ae53b5si15412522ejc.31.2023.01.11.04.15.04; Wed, 11 Jan 2023 04:15:16 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@corigine.onmicrosoft.com header.s=selector2-corigine-onmicrosoft-com header.b=o+95CzfQ; arc=pass (i=1 spf=pass spfdomain=corigine.com dkim=pass dkdomain=corigine.com dmarc=pass fromdomain=corigine.com); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=corigine.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233062AbjAKMEM (ORCPT + 53 others); Wed, 11 Jan 2023 07:04:12 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57636 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S239124AbjAKMD1 (ORCPT ); Wed, 11 Jan 2023 07:03:27 -0500 Received: from NAM11-DM6-obe.outbound.protection.outlook.com (mail-dm6nam11on2094.outbound.protection.outlook.com [40.107.223.94]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2E4716581; Wed, 11 Jan 2023 04:01:05 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=K0lc8K2wkzk2pHeHzQ5wmDHdvtxZahewGhhilrH4oOmD1y8H3KAOjdbMWWEkkQdcEQUcl5p8NMZzi2OQpD6Hln+5hvio+kkgGFr8NbW2lN7dYYocqWKG8GDuXo8Ke3a1GWvjKvVqot1lXPHoRwrA4tLS7Qf9FkPxheja7N3QK9m6cB6S9dIfnDSkorSbux1cD3v/+T54kQPdSXiPmMiHne5e1W1c/VTauzI3gbD2cUw0/PZOgAnbupLPSozM+Ojb5xJsDNMuIzRPP4lyXjQRM9fmjfpC4GwxKMEUzuJs1JMiICngWPLStZlEYNRRLGFDugrVmN04imy044pO0Cdglg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=xM+Y67rayJFCO8PYuv/WQfuDF/jgyhEsl9qMmXR7Scw=; b=Pql14/Iv+zMQoDS2kA1aT4jvhEohNE2PeD7EPib1ukvSvB3tROOyZ61ra6RnsBbdmmQrHosbO/kyf0cOMLeHSlKtRR7gRkiDp4A1x5Mq8Us5863rRDSXb4YpxsC0G59u9KWoVvOimcJ338SQ1LII1OXCyeJ2Kd8xkc+6EFHLSNBPGqI/jdVWE7EBQjCsmCJfdsO/DT6eHkRvEbSwzjVnZIInJxYlbHRArzkSZ5X/6gcdFDyZ9Dm5OeJgxZHDnS0DtG6Ep/wo+BkQuMd5qjSaMFlUWFr4eqS814MJP9ORV2Juy0KhHOl9hqTZSVcxalvKTwpKasKM3HcBEsDyOWkg1g== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=corigine.com; dmarc=pass action=none header.from=corigine.com; dkim=pass header.d=corigine.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=corigine.onmicrosoft.com; s=selector2-corigine-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=xM+Y67rayJFCO8PYuv/WQfuDF/jgyhEsl9qMmXR7Scw=; b=o+95CzfQGBPRLmRwgiL7sjv9Uzpoy9XBSZFv2+1JXkRQ7xBnhbauDRFOhkfG1Bg47y/q8KliKXHkb95lVZ0USw+QoSBg9CKqn/2EzdTXhjQM3pR/YhdnTjiNpDe4hRT1c/JX05vZBP8YiPOFz32RfTDtHoTEaSfCNCqY+J0anrk= Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=corigine.com; Received: from PH0PR13MB4842.namprd13.prod.outlook.com (2603:10b6:510:78::6) by MW4PR13MB5626.namprd13.prod.outlook.com (2603:10b6:303:182::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5986.18; Wed, 11 Jan 2023 12:01:01 +0000 Received: from PH0PR13MB4842.namprd13.prod.outlook.com ([fe80::eb5c:910f:3730:fd65]) by PH0PR13MB4842.namprd13.prod.outlook.com ([fe80::eb5c:910f:3730:fd65%6]) with mapi id 15.20.5986.018; Wed, 11 Jan 2023 12:01:01 +0000 Date: Wed, 11 Jan 2023 13:00:53 +0100 From: Simon Horman To: Gavrilov Ilia Cc: Pablo Neira Ayuso , Jozsef Kadlecsik , Florian Westphal , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , "netfilter-devel@vger.kernel.org" , "coreteam@netfilter.org" , "netdev@vger.kernel.org" , "linux-kernel@vger.kernel.org" , "lvc-project@linuxtesting.org" Subject: Re: [PATCH v2] netfilter: ipset: Fix overflow before widen in the bitmap_ip_create() function. Message-ID: References: <20230111115741.3347031-1-Ilia.Gavrilov@infotecs.ru> Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20230111115741.3347031-1-Ilia.Gavrilov@infotecs.ru> X-ClientProxiedBy: AM3PR03CA0072.eurprd03.prod.outlook.com (2603:10a6:207:5::30) To PH0PR13MB4842.namprd13.prod.outlook.com (2603:10b6:510:78::6) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: PH0PR13MB4842:EE_|MW4PR13MB5626:EE_ X-MS-Office365-Filtering-Correlation-Id: 8fe2856b-ea6c-4b85-e767-08daf3cb821f X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 4kZBLvmj50C1dO2uiVGa2F+uGDx3Ataxkg0vdWKT2EP+oaEtLT76D7nGxypf5ZeCYWb3YoWqYwgZCPiQtuVugQ3WdEkXRevS2XGT3JcDOr5tx8INfOfIcRNRnK2VCyDgkdmU2nPeWN1jUl7RDEq/Xm0qI3pR51w3spvbLcjQtsuaDhKUtlKzpHC+yV/5n9y5lRIUhNWx6kz0KWJEZeh1GJ7jkN5hkXpyFt1tSR6oyT0ILm6hlIhpHzubGo5W/NXzoJADV5wMMGYbwibddZYfajxgv2FuJnF/hQBAKOMt5OEdQeyMeiIHY0y0ZBli7T1+RkFyajpntEKwta1PCg5r8nXjAkYAG9Vp7mW2asZeBYEehcd0Hot1tILxpQDF+5hZAETxDG1IS9jSdS84cXt9vI1UHgpmj/E+BcJjDQwBiUt8+XhhyjtQvYtXgb3E/MlMEIgLPk2kyCr9V/S89curbURl9jcW/Zw9C5buJHmRV6hj03XBKinOG3m1UbnnEZ7mkH0bOH3Xh9nB2h1RUoUnZLEQXO1Mz8PpW/HPn6A0cgHPlVPlJRngLIGrdWOqhWRzZyQBdbIiLQG3DqM3XfRdqp2ngI5ABmmlx8EB7bW2XntKdNhv7VxdAeELapabmb8yNVrGcwPNSy4OzZbpUGBWqEPgHyn+TdCW5zhSeFHca+2Zcc8pJSkjB2g08O0ZlRK2 X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:PH0PR13MB4842.namprd13.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230022)(4636009)(39840400004)(376002)(396003)(366004)(136003)(346002)(451199015)(86362001)(2906002)(44832011)(5660300002)(36756003)(7416002)(8936002)(41300700001)(66556008)(66476007)(8676002)(38100700002)(4326008)(66946007)(83380400001)(6666004)(6512007)(316002)(2616005)(6916009)(54906003)(186003)(6486002)(6506007)(478600001)(966005);DIR:OUT;SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?juvDwWpkZ8kGoBAatIthrNz0Y2K9E3hUYzGw2sehC7sXoCh8ydbF6ANU6FCu?= =?us-ascii?Q?yrLnUyLw4CBxtVXfLiz+SdsyhXCJh8lZKNHHaIVD+QeA8pkLjzCP7w3WON+W?= =?us-ascii?Q?fRXh/pPv60S85e1SdESJrNJGQjDpcwvaX2y9NDE/nOY2lO3Hb5l3pa1FWYuS?= =?us-ascii?Q?qNlJ/VsXB8U9Iy1+nQVl39skKDbiv/lc2fBo1IMXbnihM034uEvSdKtCMTju?= =?us-ascii?Q?PUAU9hk03qqEDnTmTYgjQa+WwdhrQtk3wJeRBePtZaz9E9LQAKGEi2oS+7UU?= =?us-ascii?Q?qCwlW5l2utYt7+Qfw11nRCagPcl/XEsMLhu/El5voQ1bc11xRZqBHBnXIAjs?= =?us-ascii?Q?FGujYGq0RCiPgiPXwQQYJqmh+9ukEwu6zTpb77DlnkANyYu5xg/2O9KMjZZy?= =?us-ascii?Q?vwvrzMVb61mFJH/CyTCSGHoGu8IHl0KrsKuFtwFJsmU+6t7uYjFVcGggQJKu?= =?us-ascii?Q?qBqeoV05T70pd4UJs3VmwSWEgL0uDnfd7PrMUpASJmMCRnPVWYNIiA5vXrhJ?= =?us-ascii?Q?0t5TtWIwK2qAee6gFZ3CH+8q1j29TC+fTvZC+ErUa9E7qCDeq/sDfIOViZo3?= =?us-ascii?Q?5RuaTf0NCt9/JxvnKuiJ5R/2Cn4a6toFss/UwmKlsva7KBIiv4nI8tAmvitH?= =?us-ascii?Q?EQu60znyP1UaJejxCujWY/pfhozzxvzOVhbW0A9efWV/wTr+lo963i1cbt8k?= =?us-ascii?Q?Ks/qfcD9HgVzCjtC967fjfGlTKv5OUBSY7+jIE7uDkr6RKKm32FBejQnFc3k?= =?us-ascii?Q?zF7PPsjA8I/+rY6p/2GeQpYAyCxFzlRxH+R1d734zPKHEN8qN1QkplhtR6OU?= =?us-ascii?Q?20nJnzkcjrBwPKjqXZ2QuEfO6YHSy3U/EPtnlvyvAb7VIL2liJ9zi0Pqb2Dr?= =?us-ascii?Q?3gOsvwn+Gw/yQinFKfAuyK9+ykJQaOwVwrDqOVu+eBDlXChYv5TfAdAY8iBO?= =?us-ascii?Q?CqCM959YHolV2wQ9rXSwHnWg538lJrqqAjQKlGxYy9ISTg0X0pCaTlB9IXYb?= =?us-ascii?Q?QPaCxNLT78gDtYfQ1II1w+jvn2g2TbCdRYMX3Tg/83Os3F6p7Hnp3GUJSPyr?= =?us-ascii?Q?UTJxjPuMrdn5r4gfE4uGfcRPFEA3npEFTvKtmcDxIf0wmdw6gcGqUH8Xk+dD?= =?us-ascii?Q?L0yrEjRAb50PWQ9Ymr/S6ir8hBul8Z9XqTkjcs3EzGighaiHT3cjDG4YtQZY?= =?us-ascii?Q?GHuZP6wifZ+t17St1yk6grKGEfk0uY19LnTKu5Yr5N8avzRqiOr3s3cNDcCs?= =?us-ascii?Q?oR+BR+Q2qTmHsRWhbqgu7tIhBdVWRKAEkJtr44Z+PVyp2yTX8Fx6rBbYSCJu?= =?us-ascii?Q?BlDe/ryc/C1IURWS1STFmfOcrFDRc+GhECUC7moQNKwU4Zpmn8cFGcK+Z0vd?= =?us-ascii?Q?0941Xs91mStX7TVDMpTGlvkssJ+1/y/CquxMjSmDM/9kHTn8QNsxwSgJvec9?= =?us-ascii?Q?X3FHFdJiiT2kcnReSgXl4+AM1EUOpj/tp4z3KugiW+QULvgcGHWrNGuAxISd?= =?us-ascii?Q?+CWMtx6oONuBzfxNmPPYXk+XScXshrSjHAZ7gWtLM2VcqL4479Bmf24KTKs8?= =?us-ascii?Q?zcxLQsu6ELB1PPkUvXxLIGY4RJOTnvIJEeCiVyrE2ZVVdhttsUUGRVpae0Ah?= =?us-ascii?Q?jzU27PuaI6C7ge5IOmTEzHQEXmD5I4R/hG0qSJwtETn2Zu0xOlZLDoX2zRg4?= =?us-ascii?Q?TOzPlw=3D=3D?= X-OriginatorOrg: corigine.com X-MS-Exchange-CrossTenant-Network-Message-Id: 8fe2856b-ea6c-4b85-e767-08daf3cb821f X-MS-Exchange-CrossTenant-AuthSource: PH0PR13MB4842.namprd13.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 Jan 2023 12:01:01.5260 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: fe128f2c-073b-4c20-818e-7246a585940c X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: o6Aq7yiDdhYcSdMpT0tuJ6V3Bq5peS6ayUGsqYDDZPz2WV9mic94PDif7LgjcWosHwRVofgpvoIP7BvYdToistUz4VA2OFBQy3UMfHsHmFk= X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW4PR13MB5626 X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_PASS,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Jan 11, 2023 at 11:57:39AM +0000, Gavrilov Ilia wrote: > [You don't often get email from ilia.gavrilov@infotecs.ru. Learn why this is important at https://aka.ms/LearnAboutSenderIdentification ] > > When first_ip is 0, last_ip is 0xFFFFFFFF, and netmask is 31, the value of > an arithmetic expression 2 << (netmask - mask_bits - 1) is subject > to overflow due to a failure casting operands to a larger data type > before performing the arithmetic. > > Note that it's harmless since the value will be checked at the next step. > > Found by InfoTeCS on behalf of Linux Verification Center > (linuxtesting.org) with SVACE. > > Fixes: b9fed748185a ("netfilter: ipset: Check and reject crazy /0 input parameters") > Signed-off-by: Ilia.Gavrilov Reviewed-by: Simon Horman > --- > v2: Fix typo of the last_ip value in the description. Fix the expression for 'hosts'. > net/netfilter/ipset/ip_set_bitmap_ip.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/net/netfilter/ipset/ip_set_bitmap_ip.c b/net/netfilter/ipset/ip_set_bitmap_ip.c > index a8ce04a4bb72..e4fa00abde6a 100644 > --- a/net/netfilter/ipset/ip_set_bitmap_ip.c > +++ b/net/netfilter/ipset/ip_set_bitmap_ip.c > @@ -308,8 +308,8 @@ bitmap_ip_create(struct net *net, struct ip_set *set, struct nlattr *tb[], > return -IPSET_ERR_BITMAP_RANGE; > > pr_debug("mask_bits %u, netmask %u\n", mask_bits, netmask); > - hosts = 2 << (32 - netmask - 1); > - elements = 2 << (netmask - mask_bits - 1); > + hosts = 2U << (32 - netmask - 1); > + elements = 2UL << (netmask - mask_bits - 1); > } > if (elements > IPSET_BITMAP_MAX_RANGE + 1) > return -IPSET_ERR_BITMAP_RANGE_SIZE; > -- > 2.30.2