On Tue, 26 Aug 2008, Eugene Teo wrote: > > > @@ -80,6 +80,10 @@ static struct sctp_auth_bytes *sctp_auth_create_key(__u32 key_len, gfp_t gfp) > > This should be __u16 key_len. Hmm? If it fits in a u16, then there is no worry about overflow. > > struct sctp_auth_bytes *key; > > > > + /* Verify that we are not going to overflow INT_MAX */ > > + if ((INT_MAX - key_len) < sizeof(struct sctp_auth_bytes)) > > + return NULL; > > Shouldn't this be UINT_MAX? But then if you are going to change > sctp_auth_create_key() to accept __u16 key_len, then it should be > USHORT_MAX. If it's ushort, then it shouldn't need any test at all from an overflow standpoint. The addition simply can't overflow, since it's always done in "size_t" due to the sizeof. But if it can overflow, I actually think it makes more sense to test for something smaller than the "exact" overflow. A key can't reasonably be all that long _anyway_, so it's probably better to test for something _much_ smaller. Linus -- To unsubscribe from this list: send the line "unsubscribe linux-sctp" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
