Re: [PATCH net-next v3] ipv6: Fix signed integer overflow in __ip6_append_data

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


在 2022/6/1 12:35, Jakub Kicinski 写道:

On Sat, 28 May 2022 10:23:12 +0800 Wang Yufen wrote:

diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c
index 55afd7f39c04..91704bbc7715 100644
--- a/net/ipv6/udp.c
+++ b/net/ipv6/udp.c
@@ -1308,7 +1308,7 @@ int udpv6_sendmsg(struct sock *sk, struct msghdr *msg, size_t len)
  	struct ipcm6_cookie ipc6;
  	int addr_len = msg->msg_namelen;
  	bool connected = false;
-	int ulen = len;
+	size_t ulen = len;
  	int corkreq = READ_ONCE(up->corkflag) || msg->msg_flags&MSG_MORE;
  	int err;
  	int is_udplite = IS_UDPLITE(sk);

No need to change ulen neither, it will not overflow and will be
promoted to size_t when passed to ip6_append_data() / ip6_make_skb().
.

OK, thanks.
[Index of Archives]     [Linux Samsung SoC]     [Linux Rockchip SoC]     [Linux Actions SoC]     [Linux for Synopsys ARC Processors]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux