Message ID | 20180726023144.31066-7-dima@arista.com |
---|---|
State | Awaiting Upstream, archived |
Delegated to: | David Miller |
Headers | show |
Series | xfrm: Add compat layer | expand |
From: Dmitry Safonov <dima@arista.com> Date: Thu, 26 Jul 2018 03:31:32 +0100 > Make ABI more strict about subscribing to group > ngroups. > Code doesn't check for that and it looks bogus. > (one can subscribe to non-existing group) > Still, it's possible to bind() to all possible groups with (-1) > > Cc: "David S. Miller" <davem@davemloft.net> > Cc: Herbert Xu <herbert@gondor.apana.org.au> > Cc: Steffen Klassert <steffen.klassert@secunet.com> > Cc: netdev@vger.kernel.org > Signed-off-by: Dmitry Safonov <dima@arista.com> This really has nothing to do with adding a compat layer for xfrm, and is a bug fix that should be submitted separately in it's own right.
On Wed, 2018-07-25 at 21:22 -0700, David Miller wrote: > From: Dmitry Safonov <dima@arista.com> > Date: Thu, 26 Jul 2018 03:31:32 +0100 > > > Make ABI more strict about subscribing to group > ngroups. > > Code doesn't check for that and it looks bogus. > > (one can subscribe to non-existing group) > > Still, it's possible to bind() to all possible groups with (-1) > > > > Cc: "David S. Miller" <davem@davemloft.net> > > Cc: Herbert Xu <herbert@gondor.apana.org.au> > > Cc: Steffen Klassert <steffen.klassert@secunet.com> > > Cc: netdev@vger.kernel.org > > Signed-off-by: Dmitry Safonov <dima@arista.com> > > This really has nothing to do with adding a compat layer for xfrm, > and is a bug fix that should be submitted separately in it's own > right. Sure, will do.
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c index 393573a99a5a..ac805caed2e2 100644 --- a/net/netlink/af_netlink.c +++ b/net/netlink/af_netlink.c @@ -1008,6 +1008,7 @@ static int netlink_bind(struct socket *sock, struct sockaddr *addr, if (err) return err; } + groups &= (1UL << nlk->ngroups) - 1; bound = nlk->bound; if (bound) {
Make ABI more strict about subscribing to group > ngroups. Code doesn't check for that and it looks bogus. (one can subscribe to non-existing group) Still, it's possible to bind() to all possible groups with (-1) Cc: "David S. Miller" <davem@davemloft.net> Cc: Herbert Xu <herbert@gondor.apana.org.au> Cc: Steffen Klassert <steffen.klassert@secunet.com> Cc: netdev@vger.kernel.org Signed-off-by: Dmitry Safonov <dima@arista.com> --- net/netlink/af_netlink.c | 1 + 1 file changed, 1 insertion(+)