Date:      Mon, 13 Jan 2025 21:28:57 GMT
From:      Gleb Smirnoff <glebius@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject:   git: 6ed3486980c9 - main - netlink: avoid underflow of groups bitset index
Message-ID:  <202501132128.50DLSv5Z066631@gitrepo.freebsd.org>

The branch main has been updated by glebius:

URL: https://cgit.FreeBSD.org/src/commit/?id=6ed3486980c95bfa2cbc0b19739e93e8c0df9f67

commit 6ed3486980c95bfa2cbc0b19739e93e8c0df9f67
Author:     Gleb Smirnoff <glebius@FreeBSD.org>
AuthorDate: 2025-01-13 21:27:32 +0000
Commit:     Gleb Smirnoff <glebius@FreeBSD.org>
CommitDate: 2025-01-13 21:27:53 +0000

    netlink: avoid underflow of groups bitset index
    
    The subtraction is absolutely unnecessary and created an underflow with
    926d2eadcb67.  I don't see why it was useful before 926d2eadcb67 and even
    before edf5608bfef3.  The bitset addresses bits from zero to
    NLP_MAX_GROUPS-1.  Note that check of user supplied argument for
    NETLINK_ADD_MEMBERSHIP and NETLINK_DROP_MEMBERSHIP socket options is
    already correct !(optval >= NLP_MAX_GROUPS).
    
    Fixes:  926d2eadcb671dd26431a1082d4c49c3d5ad7f22
---
 sys/netlink/netlink_domain.c | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/sys/netlink/netlink_domain.c b/sys/netlink/netlink_domain.c
index 45d427f43166..00eb2923eddf 100644
--- a/sys/netlink/netlink_domain.c
+++ b/sys/netlink/netlink_domain.c
@@ -138,8 +138,7 @@ nl_port_lookup(uint32_t port_id)
 static void
 nl_add_group_locked(struct nlpcb *nlp, unsigned int group_id)
 {
-	MPASS(group_id <= NLP_MAX_GROUPS);
-	--group_id;
+	MPASS(group_id < NLP_MAX_GROUPS);
 
 	/* TODO: add family handler callback */
 	if (!nlp_unconstrained_vnet(nlp))
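Review bot: The only range check left in nl_add_group_locked() is `MPASS(group_id < NLP_MAX_GROUPS);`, and MPASS is an assertion that is compiled in only on INVARIANTS kernels, so on a production kernel this helper trusts its callers completely. The commit message confirms that the NETLINK_ADD_MEMBERSHIP and NETLINK_DROP_MEMBERSHIP paths reject optval >= NLP_MAX_GROUPS, but it does not mention any other caller. It would be worth confirming, and stating in the log, that every call site passes an index that has already been bounded, since an unchecked value here becomes a write at an arbitrary bit offset from nl_groups.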
@@ -151,8 +150,7 @@ nl_add_group_locked(struct nlpcb *nlp, unsigned int group_id)
 static void
 nl_del_group_locked(struct nlpcb *nlp, unsigned int group_id)
 {
-	MPASS(group_id <= NLP_MAX_GROUPS);
-	--group_id;
+	MPASS(group_id < NLP_MAX_GROUPS);
 
 	BIT_CLR(NLP_MAX_GROUPS, group_id, &nlp->nl_groups);
 }
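Review bot: Dropping `--group_id;` in nl_del_group_locked() silently changes the meaning of the argument from a one-based group number to a zero-based bit index, while the prototype `unsigned int group_id` stays the same. A one-line comment above these helpers stating that group_id is a zero-based index in the range 0 to NLP_MAX_GROUPS-1 would keep a later caller from reintroducing the off-by-one, and would record why 0 is now a valid argument where it previously wrapped around in the unsigned decrement before reaching BIT_CLR.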
@@ -160,8 +158,7 @@ nl_del_group_locked(struct nlpcb *nlp, unsigned int group_id)
 static bool
 nl_isset_group_locked(struct nlpcb *nlp, unsigned int group_id)
 {
-	MPASS(group_id <= NLP_MAX_GROUPS);
-	--group_id;
+	MPASS(group_id < NLP_MAX_GROUPS);
 
 	return (BIT_ISSET(NLP_MAX_GROUPS, group_id, &nlp->nl_groups));
 }
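Review bot: In nl_isset_group_locked() the same argument now tests bit group_id instead of bit group_id-1, and the diffstat shows no call site changed in this commit. Any caller that still passes a one-based group number will now test (and, through the add and del helpers, set or clear) the neighbouring bit, and a caller that passes exactly NLP_MAX_GROUPS, which the old `MPASS(group_id <= NLP_MAX_GROUPS);` accepted, now trips the assertion on INVARIANTS kernels and reads one bit past the set otherwise. Please check loops that walk the groups and confirm their bounds and starting index match the zero-based convention.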


