netlink: avoid underflow of groups bitset index

The subtraction is absolutely unnecessary and created an underflow with 926d2ea. I don't see why it was useful before 926d2ea and even before edf5608. The bitset addresses bits from zero to NLP_MAX_GROUPS-1. Note that check of user supplied argument for NETLINK_ADD_MEMBERSHIP and NETLINK_DROP_MEMBERSHIP socket options is already correct !(optval >= NLP_MAX_GROUPS). Fixes: 926d2ea
dumbbell · Jan 13, 2025 · 6ed3486 · 6ed3486
1 parent 63f2849
commit 6ed3486
Showing 1 changed file with 3 additions and 6 deletions.
diff --git a/sys/netlink/netlink_domain.c b/sys/netlink/netlink_domain.c
@@ -138,8 +138,7 @@ nl_port_lookup(uint32_t port_id)
 static void
 nl_add_group_locked(struct nlpcb *nlp, unsigned int group_id)
 {
-	MPASS(group_id <= NLP_MAX_GROUPS);
-	--group_id;
+	MPASS(group_id < NLP_MAX_GROUPS);
 
 	/* TODO: add family handler callback */
 	if (!nlp_unconstrained_vnet(nlp))
@@ -151,17 +150,15 @@ nl_add_group_locked(struct nlpcb *nlp, unsigned int group_id)
 static void
 nl_del_group_locked(struct nlpcb *nlp, unsigned int group_id)
 {
-	MPASS(group_id <= NLP_MAX_GROUPS);
-	--group_id;
+	MPASS(group_id < NLP_MAX_GROUPS);
 
 	BIT_CLR(NLP_MAX_GROUPS, group_id, &nlp->nl_groups);
 }
 
 static bool
 nl_isset_group_locked(struct nlpcb *nlp, unsigned int group_id)
 {
-	MPASS(group_id <= NLP_MAX_GROUPS);
-	--group_id;
+	MPASS(group_id < NLP_MAX_GROUPS);
 
 	return (BIT_ISSET(NLP_MAX_GROUPS, group_id, &nlp->nl_groups));
 }