Re: [PATCH] cxgb4: prevent potential integer overflow on 32bit

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sat, Nov 30, 2024 at 01:01:37PM +0300, Dan Carpenter wrote:
> The "gl->tot_len" variable is controlled by the user.  It comes from
> process_responses().  On 32bit systems, the "gl->tot_len +
> sizeof(struct cpl_pass_accept_req) + sizeof(struct rss_header)" addition
> could have an integer wrapping bug.  Use size_add() to prevent this.
> 
> Fixes: a08943947873 ("crypto: chtls - Register chtls with net tls")
> Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
> ---
> This is from static analysis.  I've spent some time reviewing this code
> but I might be wrong.

Applied to for-next

I fixed the Fixes line:

    Fixes: 1cab775c3e75 ("RDMA/cxgb4: Fix LE hash collision bug for passive open connection")

Thanks,
Jason




[Index of Archives]     [Kernel Development]     [Kernel Announce]     [Kernel Newbies]     [Linux Networking Development]     [Share Photos]     [IDE]     [Security]     [Git]     [Netfilter]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Device Mapper]

  Powered by Linux