diff options
author | Gleb Smirnoff <glebius@FreeBSD.org> | 2025-01-13 21:27:32 +0000 |
---|---|---|
committer | Gleb Smirnoff <glebius@FreeBSD.org> | 2025-01-13 21:27:53 +0000 |
commit | 6ed3486980c95bfa2cbc0b19739e93e8c0df9f67 (patch) | |
tree | 18a6075a84c96ba83d14920222970676915dfc85 | |
parent | 63f28490237fd8a8646c897e93b82e1ee0962502 (diff) |
netlink: avoid underflow of groups bitset index
The subtraction is absolutely unnecessary and created an underflow with
926d2eadcb67. I don't see why it was useful before 926d2eadcb67 and even
before edf5608bfef3. The bitset addresses bits from zero to
NLP_MAX_GROUPS-1. Note that check of user supplied argument for
NETLINK_ADD_MEMBERSHIP and NETLINK_DROP_MEMBERSHIP socket options is
already correct !(optval >= NLP_MAX_GROUPS).
Fixes: 926d2eadcb671dd26431a1082d4c49c3d5ad7f22
-rw-r--r-- | sys/netlink/netlink_domain.c | 9 |
1 files changed, 3 insertions, 6 deletions
diff --git a/sys/netlink/netlink_domain.c b/sys/netlink/netlink_domain.c index 45d427f43166..00eb2923eddf 100644 --- a/sys/netlink/netlink_domain.c +++ b/sys/netlink/netlink_domain.c @@ -138,8 +138,7 @@ nl_port_lookup(uint32_t port_id) static void nl_add_group_locked(struct nlpcb *nlp, unsigned int group_id) { - MPASS(group_id <= NLP_MAX_GROUPS); - --group_id; + MPASS(group_id < NLP_MAX_GROUPS); /* TODO: add family handler callback */ if (!nlp_unconstrained_vnet(nlp)) @@ -151,8 +150,7 @@ nl_add_group_locked(struct nlpcb *nlp, unsigned int group_id) static void nl_del_group_locked(struct nlpcb *nlp, unsigned int group_id) { - MPASS(group_id <= NLP_MAX_GROUPS); - --group_id; + MPASS(group_id < NLP_MAX_GROUPS); BIT_CLR(NLP_MAX_GROUPS, group_id, &nlp->nl_groups); } @@ -160,8 +158,7 @@ nl_del_group_locked(struct nlpcb *nlp, unsigned int group_id) static bool nl_isset_group_locked(struct nlpcb *nlp, unsigned int group_id) { - MPASS(group_id <= NLP_MAX_GROUPS); - --group_id; + MPASS(group_id < NLP_MAX_GROUPS); return (BIT_ISSET(NLP_MAX_GROUPS, group_id, &nlp->nl_groups)); } |