git: 6ed3486980c9 - main - netlink: avoid underflow of groups bitset index
Date: Mon, 13 Jan 2025 21:28:57 UTC
The branch main has been updated by glebius:
URL: https://cgit.FreeBSD.org/src/commit/?id=6ed3486980c95bfa2cbc0b19739e93e8c0df9f67
commit 6ed3486980c95bfa2cbc0b19739e93e8c0df9f67
Author: Gleb Smirnoff <glebius@FreeBSD.org>
AuthorDate: 2025-01-13 21:27:32 +0000
Commit: Gleb Smirnoff <glebius@FreeBSD.org>
CommitDate: 2025-01-13 21:27:53 +0000
netlink: avoid underflow of groups bitset index
The subtraction is absolutely unnecessary and created an underflow with
926d2eadcb67. I don't see why it was useful before 926d2eadcb67 and even
before edf5608bfef3. The bitset addresses bits from zero to
NLP_MAX_GROUPS-1. Note that the check of the user-supplied argument for the
NETLINK_ADD_MEMBERSHIP and NETLINK_DROP_MEMBERSHIP socket options is
already correct: !(optval >= NLP_MAX_GROUPS).
Fixes: 926d2eadcb671dd26431a1082d4c49c3d5ad7f22
---
sys/netlink/netlink_domain.c | 9 +++------
1 file changed, 3 insertions(+), 6 deletions(-)
diff --git a/sys/netlink/netlink_domain.c b/sys/netlink/netlink_domain.c
index 45d427f43166..00eb2923eddf 100644
--- a/sys/netlink/netlink_domain.c
+++ b/sys/netlink/netlink_domain.c
@@ -138,8 +138,7 @@ nl_port_lookup(uint32_t port_id)
static void
nl_add_group_locked(struct nlpcb *nlp, unsigned int group_id)
{
- MPASS(group_id <= NLP_MAX_GROUPS);
- --group_id;
+ MPASS(group_id < NLP_MAX_GROUPS);
/* TODO: add family handler callback */
if (!nlp_unconstrained_vnet(nlp))
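Review bot: The new bound `group_id < NLP_MAX_GROUPS` in nl_add_group_locked() is enforced only by MPASS(), which is compiled out of kernels built without INVARIANTS, so on production kernels an out-of-range index would reach the bitset macros unchecked; the same applies to nl_del_group_locked() and nl_isset_group_locked() in the next two hunks. The commit message vouches for the setsockopt path, but the other callers are not visible here, and any of them that still passes a 1-based id will now address a different bit since the `--group_id` is gone, so they are worth auditing in the same change. I would document the contract above each helper, e.g. `/* group_id is a 0-based bit index; callers must ensure group_id < NLP_MAX_GROUPS. */`. The body of nl_add_group_locked() continues past the end of this hunk.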
@@ -151,8 +150,7 @@ nl_add_group_locked(struct nlpcb *nlp, unsigned int group_id)
static void
nl_del_group_locked(struct nlpcb *nlp, unsigned int group_id)
{
- MPASS(group_id <= NLP_MAX_GROUPS);
- --group_id;
+ MPASS(group_id < NLP_MAX_GROUPS);
BIT_CLR(NLP_MAX_GROUPS, group_id, &nlp->nl_groups);
}
@@ -160,8 +158,7 @@ nl_del_group_locked(struct nlpcb *nlp, unsigned int group_id)
static bool
nl_isset_group_locked(struct nlpcb *nlp, unsigned int group_id)
{
- MPASS(group_id <= NLP_MAX_GROUPS);
- --group_id;
+ MPASS(group_id < NLP_MAX_GROUPS);
return (BIT_ISSET(NLP_MAX_GROUPS, group_id, &nlp->nl_groups));
}