| Message ID | 20180727155444.17081-1-dima@arista.com |
|---|---|
| State | Accepted, archived |
| Delegated to: | David Miller |
| Headers | show |
| Series | netlink: Do not subscribe to non-existent groups | expand |
From: Dmitry Safonov <dima@arista.com> Date: Fri, 27 Jul 2018 16:54:44 +0100 > Make ABI more strict about subscribing to group > ngroups. > Code doesn't check for that and it looks bogus. > (one can subscribe to non-existing group) > Still, it's possible to bind() to all possible groups with (-1) > > Cc: "David S. Miller" <davem@davemloft.net> > Cc: Herbert Xu <herbert@gondor.apana.org.au> > Cc: Steffen Klassert <steffen.klassert@secunet.com> > Cc: netdev@vger.kernel.org > Signed-off-by: Dmitry Safonov <dima@arista.com> Applied and queued up for -stable, thanks.
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c index 393573a99a5a..ac805caed2e2 100644 --- a/net/netlink/af_netlink.c +++ b/net/netlink/af_netlink.c @@ -1008,6 +1008,7 @@ static int netlink_bind(struct socket *sock, struct sockaddr *addr, if (err) return err; } + groups &= (1UL << nlk->ngroups) - 1; bound = nlk->bound; if (bound) {
Make ABI more strict about subscribing to group > ngroups. Code doesn't check for that and it looks bogus. (one can subscribe to non-existing group) Still, it's possible to bind() to all possible groups with (-1) Cc: "David S. Miller" <davem@davemloft.net> Cc: Herbert Xu <herbert@gondor.apana.org.au> Cc: Steffen Klassert <steffen.klassert@secunet.com> Cc: netdev@vger.kernel.org Signed-off-by: Dmitry Safonov <dima@arista.com> --- net/netlink/af_netlink.c | 1 + 1 file changed, 1 insertion(+)