Re: [PATCH 1/1] net: netlink: Fix multicast group storage allocation for families with more than one group

From: David Miller
Date: Tue Jan 12 2016 - 16:42:37 EST


From: Matti Vaittinen <matti.vaittinen@xxxxxxxxx>
Date: Mon, 11 Jan 2016 14:26:19 +0200

> Multicast groups are stored in a global buffer. The check for the needed buffer
> size incorrectly compares the buffer size to the first id for the family. This
> means that for families with more than one mcast id one may allocate too small
> a buffer and end up writing the rest of the groups to some unallocated memory.
> Fix the buffer size check to compare the allocated space to the last mcast id
> for the family.
>
> Tested on ARM using kernel 3.14
>
> Signed-off-by: Matti Vaittinen <matti.vaittinen@xxxxxxxxx>

Indeed, it looks like this function was never tested with any value
of n_groups other than one.

But I think your change has an off-by-one bug:

> - if (id >= mc_groups_longs * BITS_PER_LONG) {
> + if (id + n_groups >= mc_groups_longs * BITS_PER_LONG) {
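Review bot: the comparison in the `+` line should be `>` rather than `>=`. The ids the family will occupy are id .. id + n_groups - 1, so a buffer of mc_groups_longs * BITS_PER_LONG bits is sufficient exactly when id + n_groups <= mc_groups_longs * BITS_PER_LONG, and growth is needed only when id + n_groups > that size. With `>=`, the previously correct n_groups == 1 case now reallocates one id early (when id is the last bit of the buffer), and the same spurious growth happens for any n_groups whose last id would be the final bit. Suggested line: `if (id + n_groups > mc_groups_longs * BITS_PER_LONG) {`.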

I think this needs to be "id + n_groups > ". Consider the existing,
working, case of "n_groups == 1". Now you're adding '1' and therefore
the test needs to be adjusted from >= to >.

Thanks.
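The three capacity checks discussed in this thread (the original first-id check, the patch's `>=`, and the `>` David suggests), put side by side in a small user-space model of the multicast-group bitmap. This is an added example, not the kernel's genetlink code or the submitted patch: the names mc_groups, mc_groups_longs, BITS_PER_LONG and BITS_TO_LONGS mirror the kernel's, while must_grow, check_under_allocates, find_free_run and reserve_groups are illustrative helpers written for this example, and the bitmap starts empty rather than with the kernel's static first long.

```c
/* Added example: user-space model of the generic-netlink mc_groups bitmap
 * and the buffer-size check. Not kernel code; helper names are illustrative. */
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BITS_PER_LONG    (sizeof(unsigned long) * CHAR_BIT)
#define BITS_TO_LONGS(n) (((n) + BITS_PER_LONG - 1) / BITS_PER_LONG)

/* Global group bitmap; empty at start in this model (the kernel starts with one long). */
static unsigned long *mc_groups;
static unsigned long mc_groups_longs;

enum check_variant {
	CHECK_ORIGINAL, /* id >= size            : compares only the first id */
	CHECK_PATCH_GE, /* id + n_groups >= size : off by one, grows when it already fits */
	CHECK_FIXED_GT  /* id + n_groups > size  : last used bit is id + n_groups - 1 */
};

/* Nonzero if the buffer must grow before bits id..id+n_groups-1 can be used. */
int must_grow(unsigned long id, unsigned long n_groups, unsigned long size_bits,
	      enum check_variant v)
{
	switch (v) {
	case CHECK_ORIGINAL: return id >= size_bits;
	case CHECK_PATCH_GE: return id + n_groups >= size_bits;
	case CHECK_FIXED_GT: return id + n_groups > size_bits;
	}
	return 1;
}

/* Nonzero if variant v skips growth although the last id lands past the
 * buffer end, i.e. the out-of-bounds write the patch is fixing. */
int check_under_allocates(unsigned long id, unsigned long n_groups,
			  unsigned long size_bits, enum check_variant v)
{
	return !must_grow(id, n_groups, size_bits, v) &&
	       id + n_groups - 1 >= size_bits;
}

static int test_bit_(const unsigned long *m, unsigned long i)
{
	return (m[i / BITS_PER_LONG] >> (i % BITS_PER_LONG)) & 1UL;
}

static void set_bit_(unsigned long *m, unsigned long i)
{
	m[i / BITS_PER_LONG] |= 1UL << (i % BITS_PER_LONG);
}

/* First id whose run of n_groups bits is free inside the current buffer. The
 * run may extend past the end, and with no free bit at all the returned id
 * equals the buffer size; either way the caller must apply the size check. */
static unsigned long find_free_run(unsigned long n_groups)
{
	unsigned long size = mc_groups_longs * BITS_PER_LONG;
	unsigned long id = 0;

	while (id < size) {
		unsigned long i;
		int fits = 1;

		for (i = id; i < id + n_groups && i < size; i++) {
			if (test_bit_(mc_groups, i)) {
				id = i + 1;
				fits = 0;
				break;
			}
		}
		if (fits)
			return id;
	}
	return size;
}

/* Reserve n_groups consecutive ids using the corrected '>' check.
 * Returns the first id, or -1 on allocation failure. */
long reserve_groups(unsigned long n_groups)
{
	unsigned long id = find_free_run(n_groups);
	unsigned long size = mc_groups_longs * BITS_PER_LONG;
	unsigned long i;

	if (must_grow(id, n_groups, size, CHECK_FIXED_GT)) {
		unsigned long new_longs = mc_groups_longs + BITS_TO_LONGS(n_groups);
		unsigned long *new_groups = calloc(new_longs, sizeof(*new_groups));

		if (!new_groups)
			return -1;
		if (mc_groups)
			memcpy(new_groups, mc_groups, mc_groups_longs * sizeof(*new_groups));
		free(mc_groups);
		mc_groups = new_groups;
		mc_groups_longs = new_longs;
	}
	/* Every id up to id + n_groups - 1 is now inside the buffer. */
	for (i = id; i < id + n_groups; i++)
		set_bit_(mc_groups, i);
	return (long)id;
}

void reset_groups(void)
{
	free(mc_groups);
	mc_groups = NULL;
	mc_groups_longs = 0;
}

int main(void)
{
	long a, b, c;

	printf("id=62 n=4 size=64: original under-allocates=%d fixed=%d\n",
	       check_under_allocates(62, 4, 64, CHECK_ORIGINAL),
	       check_under_allocates(62, 4, 64, CHECK_FIXED_GT));
	printf("id=63 n=1 size=64: '>=' grows=%d '>' grows=%d\n",
	       must_grow(63, 1, 64, CHECK_PATCH_GE),
	       must_grow(63, 1, 64, CHECK_FIXED_GT));
	reset_groups();
	a = reserve_groups(1);
	b = reserve_groups(BITS_PER_LONG - 1);
	c = reserve_groups(1);
	printf("first ids %ld %ld %ld, longs now %lu\n", a, b, c, mc_groups_longs);
	reset_groups();
	return 0;
}
```

The must_grow cases show the two failure modes side by side: with a 64-bit buffer and a four-group family starting at id 62, the original check sees 62 < 64 and does not grow, so ids 64 and 65 would be written past the end; with a one-group family at id 63, the patch's `>=` grows a buffer that already has room, which is the regression in the n_groups == 1 case pointed out above.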