/* * netsniff-ng - the packet sniffing beast * Copyright 2009, 2010 Daniel Borkmann. * Subject to the GPL, version 2. */ #ifndef HASH_H #define HASH_H /* Hash table implementation from the GIT project. */ /* Copyright 2008 (C) Linus Torvalds, GPL version 2 */ /* * These are some simple generic hash table helper functions. * Not necessarily suitable for all users, but good for things * where you want to just keep track of a list of things, and * have a good hash to use on them. * * It keeps the hash table at roughly 50-75% free, so the memory * cost of the hash table itself is roughly * * 3 * 2*sizeof(void *) * nr_of_objects * * bytes. * * FIXME: on 64-bit architectures, we waste memory. It would be * good to have just 32-bit pointers, requiring a special allocator * for hashed entries or something. */ #include #define alloc_nr(x) (((x) + 16) * 3 / 2) #define INSERT_HASH_PROTOS(ops, table) \ do { \ void **pos = insert_hash((ops).key, &(ops), &(table)); \ /* We already had an entry there? */ \ if (pos) { \ (ops).next = *pos; \ *pos = &(ops); \ } \ } while (0) struct hash_table_entry { unsigned int hash; void *ptr; }; struct hash_table { unsigned int size, nr; struct hash_table_entry *array; }; extern void *lookup_hash(unsigned int hash, const struct hash_table *table); extern void **insert_hash(unsigned int hash, void *ptr, struct hash_table *table); extern void *remove_hash(unsigned int hash, void *ptr, void *ptr_next, struct hash_table *table); extern int for_each_hash(const struct hash_table *table, int (*fn)(void *)); extern int for_each_hash_int(const struct hash_table *table, int (*fn)(void *, int), int arg); extern void free_hash(struct hash_table *table); static inline void init_hash(struct hash_table *table) { table->size = 0; table->nr = 0; table->array = NULL; } static inline unsigned char icase_hash(unsigned char c) { return c & ~((c & 0x40) >> 1); } static inline unsigned int hash_name(const char *name, int namelen) { unsigned int hash = 0x123; do { unsigned char c = *name++; c = icase_hash(c); hash = hash * 101 + c; } while (--namelen); return hash; } #endif m class='right' method='get' action='/cgit.cgi/linux/net-next.git/log/'>
diff options
context:
space:
mode:
authorAlan Stern <stern@rowland.harvard.edu>2016-06-23 15:05:26 -0400
committerMartin K. Petersen <martin.petersen@oracle.com>2016-06-29 00:51:31 -0400
commit5e7ff2ca7f2da55fe777167849d0c93403bd0dc8 (patch)
tree5fb37d646be7e708c503feabed417afb14328b95
parent54e430bbd490e18ab116afa4cd90dcc45787b3df (diff)
SCSI: fix new bug in scsi_dev_info_list string matching
Commit b704f70ce200 ("SCSI: fix bug in scsi_dev_info_list matching") changed the way vendor- and model-string matching was carried out in the routine that looks up entries in a SCSI devinfo list. The new matching code failed to take into account the case of a maximum-length string; in such cases it could end up testing for a terminating '\0' byte beyond the end of the memory allocated to the string. This out-of-bounds bug was detected by UBSAN. I don't know if anybody has actually encountered this bug. The symptom would be that a device entry in the blacklist might not be matched properly if it contained an 8-character vendor name or a 16-character model name. Such entries certainly exist in scsi_static_device_list. This patch fixes the problem by adding a check for a maximum-length string before the '\0' test. Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Fixes: b704f70ce200 ("SCSI: fix bug in scsi_dev_info_list matching") Tested-by: Wilfried Klaebe <linux-kernel@lebenslange-mailadresse.de> CC: <stable@vger.kernel.org> # v4.4+ Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Diffstat