From patchwork Wed Oct 28 23:06:03 2015
X-Patchwork-Submitter: John Stultz
X-Patchwork-Id: 55734
From: John Stultz
To: Dmitry Shmidt
Cc: Amit Pundir, John Stultz
Subject: [PATCH 2/5] xt_qtaguid: fix broken uid/gid range check
Date: Wed, 28 Oct 2015 16:06:03 -0700
Message-Id: <1446073566-6401-3-git-send-email-john.stultz@linaro.org>
In-Reply-To: <1446073566-6401-1-git-send-email-john.stultz@linaro.org>
References: <1446073566-6401-1-git-send-email-john.stultz@linaro.org>

From: Amit Pundir

The existing test to check if current uid/gid is within valid range is broken due to missing parenthesis.

Change-Id: I889ebbd0e2ea6a9426cb1509a2975e7107666407
Signed-off-by: Amit Pundir
[jstultz: Cherry picked from Amit's tree]
Signed-off-by: John Stultz
---
 net/netfilter/xt_qtaguid.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

--
1.9.1

diff --git a/net/netfilter/xt_qtaguid.c b/net/netfilter/xt_qtaguid.c index 0ad8d7a..9664bec 100644 --- a/net/netfilter/xt_qtaguid.c +++ b/net/netfilter/xt_qtaguid.c 
@@ -1773,8 +1773,8 @@ static bool qtaguid_mt(const struct sk_buff *skb, struct xt_action_param *par) kuid_t uid_min = make_kuid(&init_user_ns, info->uid_min); kuid_t uid_max = make_kuid(&init_user_ns, info->uid_max); - if (uid_gte(filp->f_cred->fsuid, uid_min) && - uid_lte(filp->f_cred->fsuid, uid_max) ^ + if ((uid_gte(filp->f_cred->fsuid, uid_min) && + uid_lte(filp->f_cred->fsuid, uid_max)) ^ !(info->invert & XT_QTAGUID_UID)) { MT_DEBUG("qtaguid[%d]: leaving uid not matching\n", par->hooknum); @@ -1786,8 +1786,8 @@ static bool qtaguid_mt(const struct sk_buff *skb, struct xt_action_param *par) kgid_t gid_min = make_kgid(&init_user_ns, info->gid_min); kgid_t gid_max = make_kgid(&init_user_ns, info->gid_max); - if (gid_gte(filp->f_cred->fsgid, gid_min) && - gid_lte(filp->f_cred->fsgid, gid_max) ^ + if ((gid_gte(filp->f_cred->fsgid, gid_min) && + gid_lte(filp->f_cred->fsgid, gid_max)) ^ !(info->invert & XT_QTAGUID_GID)) { MT_DEBUG("qtaguid[%d]: leaving gid not matching\n", par->hooknum);
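Review bot: The commit message should say what the missing parentheses actually let through, since the uid check in the first hunk (@@ -1773) is a filtering decision and "broken" does not tell a backporter how urgent this is. In C, `^` binds tighter than `&&`, so the removed lines evaluated as `uid_gte(...) && (uid_lte(...) ^ !(info->invert & XT_QTAGUID_UID))`. With the invert bit clear that reduces to "fsuid >= uid_min and fsuid > uid_max", so an fsuid below uid_min never reached the "leaving uid not matching" branch and was treated as in range; with the invert bit set the old and new expressions agree. Please add a sentence to that effect, and ideally a note on which rule configurations (non-inverted, uid_min above 0) were affected.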
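Review bot: The gid check in the second hunk (@@ -1786) repeats the uid expression verbatim, including the mix of bitwise `^` with logical `&&` and `!` that caused the precedence bug in the first place. Consider computing the range result into a named bool first (for example `in_range = gid_gte(...) && gid_lte(...)`) and comparing it against the invert flag with `!=`, or factoring both checks into one small helper, so the grouping no longer depends on a pair of parentheses that a later edit could drop again. A short comment on the condition stating the intended truth table (reject when out of range and not inverted, or in range and inverted) would also help.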