Re: [PATCH] ipv4: fib_rules: Fix possible infinite loop in fib_empty_table
From: David Miller <davem@davemloft.net>
Date: 2018-12-29 05:15:07
Also in:
lkml
From: YueHaibing <redacted> Date: Wed, 26 Dec 2018 16:34:20 +0800
quoted hunk ↗ jump to hunk
diff --git a/net/ipv4/fib_rules.c b/net/ipv4/fib_rules.c index f8eb78d..1567e12 100644 --- a/net/ipv4/fib_rules.c +++ b/net/ipv4/fib_rules.c@@ -200,9 +200,13 @@ static struct fib_table *fib_empty_table(struct net *net) { u32 id; - for (id = 1; id <= RT_TABLE_MAX; id++) + for (id = 1; id <= RT_TABLE_MAX; id++) { if (!fib_get_table(net, id)) return fib_new_table(net, id); + + if (id == RT_TABLE_MAX) + break; + } return NULL; }
The loop now has two exit conditions, one of which (by your analysis
is completely impossible).
Please clean this up into a loop with better structure and no
impossible tests. One approach could be simply:
id = 1;
while (1) {
...
if (id++ == RT_TABLE_MAX)
break;
}
Or even:
id = 0;
while (++id) {
...
}