[patch] Use unsigned constants for ICMP6 filters [BZ #22489]

Fri May 8 20:10:28 GMT 2020

Florian Weimer <fw@deneb.enyo.de> writes:
> I'd say that the filter array *elements* are unsigned, but I don't
> feel strongly about that.

Ok, hopefully one last version and then we can paint the bike shed ;-)

>From 4ce3470246e0336e53010d66f30a1040a7e1f4bb Mon Sep 17 00:00:00 2001
From: Sergey <s.korolev@ndmsystems.com>
Date: Fri, 24 Apr 2020 17:18:41 -0400
Subject: Use unsigned constants for ICMP6 filters [BZ #22489]

The core problem here is that the filter array elements are unsigned
but the computed constants are signed.  This both causes a
signededness conversion at the &= step and may cause undefined
behavior if the MSB is being modified.  This patch uses unsigned
constants to avoid both cases. - DJ

diff --git a/inet/netinet/icmp6.h b/inet/netinet/icmp6.h
index a75722887d..5fed0fbca1 100644
--- a/inet/netinet/icmp6.h
+++ b/inet/netinet/icmp6.h
@@ -85,16 +85,16 @@ struct icmp6_hdr
 #define ICMP6_PARAMPROB_OPTION        2 /* unrecognized IPv6 option */
 
 #define ICMP6_FILTER_WILLPASS(type, filterp) \
-	((((filterp)->icmp6_filt[(type) >> 5]) & (1 << ((type) & 31))) == 0)
+	((((filterp)->icmp6_filt[(type) >> 5]) & (1U << ((type) & 31))) == 0)
 
 #define ICMP6_FILTER_WILLBLOCK(type, filterp) \
-	((((filterp)->icmp6_filt[(type) >> 5]) & (1 << ((type) & 31))) != 0)
+	((((filterp)->icmp6_filt[(type) >> 5]) & (1U << ((type) & 31))) != 0)
 
 #define ICMP6_FILTER_SETPASS(type, filterp) \
-	((((filterp)->icmp6_filt[(type) >> 5]) &= ~(1 << ((type) & 31))))
+	((((filterp)->icmp6_filt[(type) >> 5]) &= ~(1U << ((type) & 31))))
 
 #define ICMP6_FILTER_SETBLOCK(type, filterp) \
-	((((filterp)->icmp6_filt[(type) >> 5]) |=  (1 << ((type) & 31))))
+	((((filterp)->icmp6_filt[(type) >> 5]) |=  (1U << ((type) & 31))))
 
 #define ICMP6_FILTER_SETPASSALL(filterp) \
 	memset (filterp, 0, sizeof (struct icmp6_filter));

