From 0c003b94aa2eed9dc6d1fe4cc49bc62dae58df83 Mon Sep 17 00:00:00 2001
From: Henrik Brix Andersen <hebad@vestas.com>
Date: Tue, 24 Oct 2023 22:16:11 +0200
Subject: [PATCH] drivers: can: be consistent in filter_id checks when removing
 rx filters

Change the CAN controller driver implementations for the
can_remove_rx_filter() API call to be consistent in their validation of the
supplied filter_id.

Fixes: #64398

Signed-off-by: Henrik Brix Andersen <hebad@vestas.com>
(cherry picked from commit 6c5400d2e1dbc6fc278dad8cce396208fbecc59a)
---
 drivers/can/can_loopback.c           | 2 +-
 drivers/can/can_mcan.c               | 7 ++++++-
 drivers/can/can_mcp2515.c            | 5 +++++
 drivers/can/can_mcux_flexcan.c       | 5 ++---
 drivers/can/can_native_posix_linux.c | 1 +
 drivers/can/can_nxp_s32_canxl.c      | 5 ++++-
 drivers/can/can_rcar.c               | 3 ++-
 drivers/can/can_stm32.c              | 5 ++++-
 8 files changed, 25 insertions(+), 8 deletions(-)

diff --git a/drivers/can/can_loopback.c b/drivers/can/can_loopback.c
index 6eaea400ee01f1..37f47b42ef57cf 100644
--- a/drivers/can/can_loopback.c
+++ b/drivers/can/can_loopback.c
@@ -211,7 +211,7 @@ static void can_loopback_remove_rx_filter(const struct device *dev, int filter_i
 {
 	struct can_loopback_data *data = dev->data;
 
-	if (filter_id >= ARRAY_SIZE(data->filters)) {
+	if (filter_id < 0 || filter_id >= ARRAY_SIZE(data->filters)) {
 		LOG_ERR("filter ID %d out-of-bounds", filter_id);
 		return;
 	}
diff --git a/drivers/can/can_mcan.c b/drivers/can/can_mcan.c
index 0cf8d12c4b9750..3d0ba5d76b24ae 100644
--- a/drivers/can/can_mcan.c
+++ b/drivers/can/can_mcan.c
@@ -1110,12 +1110,17 @@ void can_mcan_remove_rx_filter(const struct device *dev, int filter_id)
 	struct can_mcan_data *data = dev->data;
 	int err;
 
+	if (filter_id < 0) {
+		LOG_ERR("filter ID %d out of bounds", filter_id);
+		return;
+	}
+
 	k_mutex_lock(&data->lock, K_FOREVER);
 
 	if (filter_id >= cbs->num_std) {
 		filter_id -= cbs->num_std;
 		if (filter_id >= cbs->num_ext) {
-			LOG_ERR("Wrong filter id");
+			LOG_ERR("filter ID %d out of bounds", filter_id);
 			k_mutex_unlock(&data->lock);
 			return;
 		}
diff --git a/drivers/can/can_mcp2515.c b/drivers/can/can_mcp2515.c
index 1773c7cc593e57..9750ce5dd2d2ef 100644
--- a/drivers/can/can_mcp2515.c
+++ b/drivers/can/can_mcp2515.c
@@ -673,6 +673,11 @@ static void mcp2515_remove_rx_filter(const struct device *dev, int filter_id)
 {
 	struct mcp2515_data *dev_data = dev->data;
 
+	if (filter_id < 0 || filter_id >= CONFIG_CAN_MAX_FILTER) {
+		LOG_ERR("filter ID %d out of bounds", filter_id);
+		return;
+	}
+
 	k_mutex_lock(&dev_data->mutex, K_FOREVER);
 	dev_data->filter_usage &= ~BIT(filter_id);
 	k_mutex_unlock(&dev_data->mutex);
diff --git a/drivers/can/can_mcux_flexcan.c b/drivers/can/can_mcux_flexcan.c
index 969e81fdc153eb..481996b2185abe 100644
--- a/drivers/can/can_mcux_flexcan.c
+++ b/drivers/can/can_mcux_flexcan.c
@@ -921,9 +921,8 @@ static void mcux_flexcan_remove_rx_filter(const struct device *dev, int filter_i
 {
 	struct mcux_flexcan_data *data = dev->data;
 
-	if (filter_id >= MCUX_FLEXCAN_MAX_RX) {
-		LOG_ERR("Detach: Filter id >= MAX_RX (%d >= %d)", filter_id,
-			MCUX_FLEXCAN_MAX_RX);
+	if (filter_id < 0 || filter_id >= MCUX_FLEXCAN_MAX_RX) {
+		LOG_ERR("filter ID %d out of bounds", filter_id);
 		return;
 	}
 
diff --git a/drivers/can/can_native_posix_linux.c b/drivers/can/can_native_posix_linux.c
index c3a12c9441f3b3..5d6205d5937681 100644
--- a/drivers/can/can_native_posix_linux.c
+++ b/drivers/can/can_native_posix_linux.c
@@ -239,6 +239,7 @@ static void can_npl_remove_rx_filter(const struct device *dev, int filter_id)
 	struct can_npl_data *data = dev->data;
 
 	if (filter_id < 0 || filter_id >= ARRAY_SIZE(data->filters)) {
+		LOG_ERR("filter ID %d out of bounds");
 		return;
 	}
 
diff --git a/drivers/can/can_nxp_s32_canxl.c b/drivers/can/can_nxp_s32_canxl.c
index b5dd7305c51bfd..6178402aedfa48 100644
--- a/drivers/can/can_nxp_s32_canxl.c
+++ b/drivers/can/can_nxp_s32_canxl.c
@@ -396,7 +396,10 @@ static void can_nxp_s32_remove_rx_filter(const struct device *dev, int filter_id
 	struct can_nxp_s32_data *data = dev->data;
 	int mb_indx = ALLOC_IDX_TO_RXMB_IDX(filter_id);
 
-	__ASSERT_NO_MSG(filter_id >= 0 && filter_id < CONFIG_CAN_NXP_S32_MAX_RX);
+	if (filter_id < 0 || filter_id >= CONFIG_CAN_NXP_S32_MAX_RX) {
+		LOG_ERR("filter ID %d out of bounds", filter_id);
+		return;
+	}
 
 	k_mutex_lock(&data->rx_mutex, K_FOREVER);
 
diff --git a/drivers/can/can_rcar.c b/drivers/can/can_rcar.c
index 7e108ebd42a232..ba851ab9e3b5ad 100644
--- a/drivers/can/can_rcar.c
+++ b/drivers/can/can_rcar.c
@@ -973,7 +973,8 @@ static void can_rcar_remove_rx_filter(const struct device *dev, int filter_id)
 {
 	struct can_rcar_data *data = dev->data;
 
-	if (filter_id >= CONFIG_CAN_RCAR_MAX_FILTER) {
+	if (filter_id < 0 || filter_id >= CONFIG_CAN_RCAR_MAX_FILTER) {
+		LOG_ERR("filter ID %d out of bounds", filter_id);
 		return;
 	}
 
diff --git a/drivers/can/can_stm32.c b/drivers/can/can_stm32.c
index abfe4848f40bcb..60c416835159e3 100644
--- a/drivers/can/can_stm32.c
+++ b/drivers/can/can_stm32.c
@@ -990,7 +990,10 @@ static void can_stm32_remove_rx_filter(const struct device *dev, int filter_id)
 	int bank_num;
 	bool bank_unused;
 
-	__ASSERT_NO_MSG(filter_id >= 0 && filter_id < CAN_STM32_MAX_FILTER_ID);
+	if (filter_id < 0 || filter_id >= CAN_STM32_MAX_FILTER_ID) {
+		LOG_ERR("filter ID %d out of bounds", filter_id);
+		return;
+	}
 
 	k_mutex_lock(&filter_mutex, K_FOREVER);
 	k_mutex_lock(&data->inst_mutex, K_FOREVER);