authorGleb Smirnoff <glebius@FreeBSD.org>2025-01-13 21:27:32 +0000
committerGleb Smirnoff <glebius@FreeBSD.org>2025-01-13 21:27:53 +0000
commit6ed3486980c95bfa2cbc0b19739e93e8c0df9f67 (patch)
tree18a6075a84c96ba83d14920222970676915dfc85
parent63f28490237fd8a8646c897e93b82e1ee0962502 (diff)
netlink: avoid underflow of groups bitset index
The subtraction is absolutely unnecessary and created an underflow with 926d2eadcb67. I don't see why it was useful before 926d2eadcb67 and even before edf5608bfef3. The bitset addresses bits from zero to NLP_MAX_GROUPS-1. Note that check of user supplied argument for NETLINK_ADD_MEMBERSHIP and NETLINK_DROP_MEMBERSHIP socket options is already correct !(optval >= NLP_MAX_GROUPS). Fixes: 926d2eadcb671dd26431a1082d4c49c3d5ad7f22
-rw-r--r--sys/netlink/netlink_domain.c9
1 files changed, 3 insertions, 6 deletions
diff --git a/sys/netlink/netlink_domain.c b/sys/netlink/netlink_domain.c
index 45d427f43166..00eb2923eddf 100644
--- a/sys/netlink/netlink_domain.c
+++ b/sys/netlink/netlink_domain.c
@@ -138,8 +138,7 @@ nl_port_lookup(uint32_t port_id)
static void
nl_add_group_locked(struct nlpcb *nlp, unsigned int group_id)
{
- MPASS(group_id <= NLP_MAX_GROUPS);
- --group_id;
+ MPASS(group_id < NLP_MAX_GROUPS);
/* TODO: add family handler callback */
if (!nlp_unconstrained_vnet(nlp))
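Review bot: The bound on group_id in nl_add_group_locked is enforced only by MPASS, which is compiled out of kernels built without INVARIANTS, so in production the helper relies entirely on its callers; the same applies to nl_del_group_locked and nl_isset_group_locked in the two following hunks. The description confirms that the NETLINK_ADD_MEMBERSHIP/NETLINK_DROP_MEMBERSHIP path already rejects optval >= NLP_MAX_GROUPS, but any other caller that still passes a 1-based value would now address one bit higher, and a value equal to NLP_MAX_GROUPS (accepted by the old assertion) would index past the bitset; those callers are outside this diff and are worth re-checking. I would add a comment above the three helpers stating the new contract, for example `/* group_id is a zero-based bit index, 0..NLP_MAX_GROUPS-1; callers must validate, MPASS is debug-only */`. The body of nl_add_group_locked continues outside the hunk.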
@@ -151,8 +150,7 @@ nl_add_group_locked(struct nlpcb *nlp, unsigned int group_id)
static void
nl_del_group_locked(struct nlpcb *nlp, unsigned int group_id)
{
- MPASS(group_id <= NLP_MAX_GROUPS);
- --group_id;
+ MPASS(group_id < NLP_MAX_GROUPS);
BIT_CLR(NLP_MAX_GROUPS, group_id, &nlp->nl_groups);
}
@@ -160,8 +158,7 @@ nl_del_group_locked(struct nlpcb *nlp, unsigned int group_id)
static bool
nl_isset_group_locked(struct nlpcb *nlp, unsigned int group_id)
{
- MPASS(group_id <= NLP_MAX_GROUPS);
- --group_id;
+ MPASS(group_id < NLP_MAX_GROUPS);
return (BIT_ISSET(NLP_MAX_GROUPS, group_id, &nlp->nl_groups));
}