Page MenuHomeFreeBSD

Correct bitwise test in mac_bsdextended ugidfw_rule_valid()
ClosedPublic

Authored by emaste on Apr 6 2017, 7:15 PM.
Tags
None
Referenced Files
Unknown Object (File)
Fri, Dec 13, 2:23 PM
Unknown Object (File)
Nov 2 2024, 3:13 AM
Unknown Object (File)
Oct 18 2024, 12:34 AM
Unknown Object (File)
Oct 16 2024, 1:22 AM
Unknown Object (File)
Oct 16 2024, 1:21 AM
Unknown Object (File)
Oct 16 2024, 1:21 AM
Unknown Object (File)
Oct 16 2024, 1:21 AM
Unknown Object (File)
Sep 30 2024, 6:49 PM
Subscribers

Diff Detail

Lint
Lint Skipped
Unit
Tests Skipped

Event Timeline

For reference this is also CID 1008934.

sys/security/mac_bsdextended/mac_bsdextended.c
128

Shouldn't this be mbo_flags instead of mbo_neg ?

Also, stylish test would be () != 0.

sys/security/mac_bsdextended/mac_bsdextended.c
128

For reference this was introduced in rS157986, which introduced this non-stylistic change.

Perhaps we should just remove the first condition in this if, leaving

if ((rule->mbr_object.mbo_type | MBO_ALL_TYPE) != MBO_ALL_TYPE)

I.e., disallow invalid mbo_type flags regardless of whether MBO_TYPE_DEFINED is set?

As suggested by @kib I think this is the intended test.

The test currently in svn is in effect if (1 && ...) so removing the first part (as in my comment) should be no functional change, but I suppose this is actually what's intended; mbo_type is only accessed if rule->mbr_object.mbo_flags & MBO_TYPE_DEFINED.

kib added inline comments.
sys/security/mac_bsdextended/mac_bsdextended.c
128

Still, I prefer to add != 0 .

This revision is now accepted and ready to land.Jun 3 2017, 9:14 AM
This revision was automatically updated to reflect the committed changes.