4.9-stable review patch. If anyone has any objections, please let me know.
------------------ From: Dmitry Safonov <[email protected]> [ Upstream commit 7acf9d4237c46894e0fa0492dd96314a41742e84 ] Make ABI more strict about subscribing to group > ngroups. Code doesn't check for that and it looks bogus. (one can subscribe to non-existing group) Still, it's possible to bind() to all possible groups with (-1) Cc: "David S. Miller" <[email protected]> Cc: Herbert Xu <[email protected]> Cc: Steffen Klassert <[email protected]> Cc: [email protected] Signed-off-by: Dmitry Safonov <[email protected]> Signed-off-by: David S. Miller <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]> --- net/netlink/af_netlink.c | 1 + 1 file changed, 1 insertion(+) --- a/net/netlink/af_netlink.c +++ b/net/netlink/af_netlink.c @@ -983,6 +983,7 @@ static int netlink_bind(struct socket *s if (err) return err; } + groups &= (1UL << nlk->ngroups) - 1; bound = nlk->bound; if (bound) {
