Re: [PATCH] cxgb4: prevent potential integer overflow on 32bit

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Dec 09, 2024 at 02:55:56PM -0400, Jason Gunthorpe wrote:
> On Sat, Nov 30, 2024 at 01:01:37PM +0300, Dan Carpenter wrote:
> > The "gl->tot_len" variable is controlled by the user.  It comes from
> > process_responses().  On 32bit systems, the "gl->tot_len +
> > sizeof(struct cpl_pass_accept_req) + sizeof(struct rss_header)" addition
> > could have an integer wrapping bug.  Use size_add() to prevent this.
> > 
> > Fixes: a08943947873 ("crypto: chtls - Register chtls with net tls")
> > Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
> > ---
> > This is from static analysis.  I've spent some time reviewing this code
> > but I might be wrong.
> 
> Applied to for-next
> 
> I fixed the Fixes line:
> 
>     Fixes: 1cab775c3e75 ("RDMA/cxgb4: Fix LE hash collision bug for passive open connection")

Aw crud.  There are two implementations of copy_gl_to_skb_pkt() and I
only patched one.  It's pretty weird how I mixed up the Fixes tags.
Anyway, I'll patch drivers/net/ethernet/chelsio/inline_crypto/chtls/chtls_main.c
as well.

regards,
dan carpenter





[Index of Archives]     [Kernel Development]     [Kernel Announce]     [Kernel Newbies]     [Linux Networking Development]     [Share Photos]     [IDE]     [Security]     [Git]     [Netfilter]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Device Mapper]

  Powered by Linux