From: Ivan Delalande <colona@arista.com>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: netdev@vger.kernel.org, davem@davemloft.net, andre@tomt.net
Subject: Re: [PATCH net] netlink: fix wrong subscription bitmask to group mapping in
Date: Thu, 29 Jan 2015 23:27:01 +0100 [thread overview]
Message-ID: <20150129222701.GP17877@ycc.fr> (raw)
In-Reply-To: <1422525113-5698-1-git-send-email-pablo@netfilter.org>
On Thu, Jan 29, 2015 at 10:51:53AM +0100, Pablo Neira Ayuso wrote:
> The subscription bitmask passed via struct sockaddr_nl is converted to
> the group number when calling the netlink_bind() and netlink_unbind()
> callbacks.
>
> The conversion is however incorrect since bitmask (1 << 0) needs to be
> mapped to group number 1. Note that you cannot specify the group number 0
> (usually known as _NONE) from setsockopt() using NETLINK_ADD_MEMBERSHIP
> since this is rejected through -EINVAL.
>
> This problem became noticeable since 97840cb ("netfilter: nfnetlink:
> fix insufficient validation in nfnetlink_bind") when binding to bitmask
> (1 << 0) in ctnetlink.
>
> Reported-by: Andre Tomt <andre@tomt.net>
> Reported-by: Ivan Delalande <colona@arista.com>
> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Thanks a lot for this fix!
> ---
> v2: Rebased upon current net tree. Previous patch:
>
> http://patchwork.ozlabs.org/patch/426205/
>
> did not apply cleanly.
>
> net/netlink/af_netlink.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
> index 02fdde2..75532ef 100644
> --- a/net/netlink/af_netlink.c
> +++ b/net/netlink/af_netlink.c
> @@ -1438,7 +1438,7 @@ static void netlink_undo_bind(int group, long unsigned int groups,
>
> for (undo = 0; undo < group; undo++)
> if (test_bit(undo, &groups))
> - nlk->netlink_unbind(sock_net(sk), undo);
> + nlk->netlink_unbind(sock_net(sk), undo + 1);
> }
>
> static int netlink_bind(struct socket *sock, struct sockaddr *addr,
> @@ -1476,7 +1476,7 @@ static int netlink_bind(struct socket *sock, struct sockaddr *addr,
> for (group = 0; group < nlk->ngroups; group++) {
> if (!test_bit(group, &groups))
> continue;
> - err = nlk->netlink_bind(net, group);
> + err = nlk->netlink_bind(net, group + 1);
> if (!err)
> continue;
> netlink_undo_bind(group, groups, sk);
I guess this should also be group + 1 there:
netlink_undo_bind(group + 1, groups, sk);
--
Ivan "Colona" Delalande
Arista Networks
next prev parent reply other threads:[~2015-01-29 22:27 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-01-29 9:51 [PATCH net] netlink: fix wrong subscription bitmask to group mapping in Pablo Neira Ayuso
2015-01-29 22:27 ` Ivan Delalande [this message]
2015-01-30 19:26 ` Pablo Neira Ayuso
2015-01-31 1:44 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150129222701.GP17877@ycc.fr \
--to=colona@arista.com \
--cc=andre@tomt.net \
--cc=davem@davemloft.net \
--cc=netdev@vger.kernel.org \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.