RDAM/netlink: Fix out-of-bound access while checking message validity

The netlink message sent with type == 0, which doesn't have any client behind it, caused to the overflow in max_num_ops array. Fix it by declaring zero number of ops for the first client. Fixes: c9901724 ("RDMA/netlink: Remove netlink clients infrastructure") Signed-off-by: Leon Romanovsky <leon@kernel.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

RDAM/netlink: Fix out-of-bound access while checking message validity
The netlink message sent with type == 0, which doesn't have any client behind it, caused to the overflow in max_num_ops array. Fix it by declaring zero number of ops for the first client. Fixes: c9901724 ("RDMA/netlink: Remove netlink clients infrastructure") Signed-off-by: Leon Romanovsky <leon@kernel.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
8b2c7e7a · Leon Romanovsky · Linus Torvalds · 5969d1bb · 8b2c7e7a
Commit 8b2c7e7a authored Sep 08, 2017 by Leon Romanovsky Committed by Linus Torvalds Sep 08, 2017
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 3 deletions

drivers/infiniband/core/netlink.c drivers/infiniband/core/netlink.c +4 -3

No files found.
--- a/drivers/infiniband/core/netlink.c
+++ b/drivers/infiniband/core/netlink.c
@@ -57,7 +57,8 @@ EXPORT_SYMBOL(rdma_nl_chk_listeners);

 static bool is_nl_msg_valid(unsigned int type, unsigned int op)
 {
-	static const unsigned int max_num_ops[RDMA_NL_NUM_CLIENTS - 1] = {
+	static const unsigned int max_num_ops[RDMA_NL_NUM_CLIENTS] = {
+				  0,
 				  RDMA_NL_RDMA_CM_NUM_OPS,
 				  RDMA_NL_IWPM_NUM_OPS,
 				  0,
@@ -70,10 +71,10 @@ static bool is_nl_msg_valid(unsigned int type, unsigned int op)
 	 */
 	BUILD_BUG_ON(RDMA_NL_NUM_CLIENTS != 6);

-	if (type > RDMA_NL_NUM_CLIENTS - 1)
+	if (type >= RDMA_NL_NUM_CLIENTS)
 		return false;

-	return (op < max_num_ops[type - 1]) ? true : false;
+	return (op < max_num_ops[type]) ? true : false;
 }

 static bool is_nl_valid(unsigned int type, unsigned int op)