From: Zbigniew Jędrzejewski-Szmek
Date: Sun, 10 Nov 2019 12:32:36 +0000 (+0100)
Subject: bpf: fix off-by-one in class whitelisting
X-Git-Tag: v244-rc1~62^2~5
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=a72a5326a47733f057d1bea1ddb319b779165f8d;p=thirdparty%2Fsystemd.git

bpf: fix off-by-one in class whitelisting

We would jump one insn too many, landing in the middle of the subsequent block.
---

diff --git a/src/core/bpf-devices.c b/src/core/bpf-devices.c
index d83fc449383..60cc2f6b4ea 100644
--- a/src/core/bpf-devices.c
+++ b/src/core/bpf-devices.c
@@ -108,7 +108,7 @@ static int bpf_prog_whitelist_class(BPFProgram *prog, int type, const char *acc)
 return -EINVAL;

 const struct bpf_insn insn[] = {
- BPF_JMP_IMM(BPF_JNE, BPF_REG_2, type, 5), /* compare device type */
+ BPF_JMP_IMM(BPF_JNE, BPF_REG_2, type, 4), /* compare device type */
 BPF_MOV32_REG(BPF_REG_1, BPF_REG_3), /* calculate access type */
 BPF_ALU32_IMM(BPF_AND, BPF_REG_1, access),
 BPF_JMP_REG(BPF_JNE, BPF_REG_1, BPF_REG_3, 1), /* compare access type */
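Review bot: The skip distance `4` on the `BPF_JMP_IMM` line is still a hand-counted literal with nothing tying it to the length of `insn[]`, which is how the off-by-one this commit fixes got in; the same applies to the `1` on the `BPF_JMP_REG` line. Because this array is part of a device-access filter, a wrong offset changes which instruction decides the verdict. The comment should therefore state the intended landing point, for example `/* compare device type; on mismatch skip the remaining 4 insns of this block */`. The array initializer ends outside the hunk, so the count cannot be confirmed from the visible lines. If the file's other rule builders (not shown) use the same pattern, a shared comment convention or a test that checks a non-matching device type falls through to the next rule would keep the offsets from drifting again.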