bpf: fix off-by-one in class whitelisting

author Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>

Sun, 10 Nov 2019 12:32:36 +0000 (13:32 +0100)

committer Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>

Mon, 11 Nov 2019 13:55:57 +0000 (14:55 +0100)
author Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Sun, 10 Nov 2019 12:32:36 +0000 (13:32 +0100)
committer Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Mon, 11 Nov 2019 13:55:57 +0000 (14:55 +0100)
diff --git a/src/core/bpf-devices.c b/src/core/bpf-devices.c

index d83fc44..60cc2f6 100644 (file)
--- a/src/core/bpf-devices.c
+++ b/src/core/bpf-devices.c
@@ -108,7 +108,7 @@ static int bpf_prog_whitelist_class(BPFProgram *prog, int type, const char *acc)
                  return -EINVAL;
  
          const struct bpf_insn insn[] = {
-                BPF_JMP_IMM(BPF_JNE, BPF_REG_2, type, 5), /* compare device type */
+                BPF_JMP_IMM(BPF_JNE, BPF_REG_2, type, 4), /* compare device type */
                  BPF_MOV32_REG(BPF_REG_1, BPF_REG_3), /* calculate access type */
                  BPF_ALU32_IMM(BPF_AND, BPF_REG_1, access),
                  BPF_JMP_REG(BPF_JNE, BPF_REG_1, BPF_REG_3, 1), /* compare access type */
author	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
	Sun, 10 Nov 2019 12:32:36 +0000 (13:32 +0100)
committer	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
	Mon, 11 Nov 2019 13:55:57 +0000 (14:55 +0100)