git: 4182ec520407 - releng/13.2 - netlink: fix OOB read in genetlink

Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Ed Maste <emaste_at_FreeBSD.org>
Date: Tue, 07 Mar 2023 13:28:24 UTC

The branch releng/13.2 has been updated by emaste:

URL: https://cgit.FreeBSD.org/src/commit/?id=4182ec520407a702ec2b670d597ca4f7d80ef58b

commit 4182ec520407a702ec2b670d597ca4f7d80ef58b
Author:     Alexander V. Chernikov <melifaro@FreeBSD.org>
AuthorDate: 2023-02-18 17:24:59 +0000
Commit:     Ed Maste <emaste@FreeBSD.org>
CommitDate: 2023-03-07 13:28:06 +0000

    netlink: fix OOB read in genetlink
    
    Reported by:    Coverity Scan
    Approved by:    re (cperciva)
    CID:            1498863
    
    (cherry picked from commit 8f7455a9265f4952f885b06c08c57fcce6f16e5c)
    (cherry picked from commit d9d596bb2ce04bbec5ea811342efd4216c1fc2a3)
---
 sys/netlink/netlink_generic.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys/netlink/netlink_generic.c b/sys/netlink/netlink_generic.c
index 066379e2afae..a16fdc312daa 100644
--- a/sys/netlink/netlink_generic.c
+++ b/sys/netlink/netlink_generic.c
@@ -267,7 +267,7 @@ genl_handle_message(struct nlmsghdr *hdr, struct nl_pstate *npt)
 
 	int family_id = (int)hdr->nlmsg_type - GENL_MIN_ID;
 
-	if (__predict_false(family_id < 0 || family_id > MAX_FAMILIES)) {
+	if (__predict_false(family_id < 0 || family_id >= MAX_FAMILIES)) {
 		NLP_LOG(LOG_DEBUG, nlp, "invalid message type: %d", hdr->nlmsg_type);
 		return (ENOTSUP);
 	}