Patch "tipc: re-order conditions in tipc_crypto_key_rcv()" has been added to the 5.10-stable tree

This is a note to let you know that I've just added the patch titled

    tipc: re-order conditions in tipc_crypto_key_rcv()

to the 5.10-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     tipc-re-order-conditions-in-tipc_crypto_key_rcv.patch
and it can be found in the queue-5.10 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 0df655d72c0d4dce2c9106b8d43fa892a6b4a9f9
Author: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
Date:   Fri Jan 17 12:36:14 2025 +0300

    tipc: re-order conditions in tipc_crypto_key_rcv()
    
    [ Upstream commit 5fe71fda89745fc3cd95f70d06e9162b595c3702 ]
    
    On a 32bit system the "keylen + sizeof(struct tipc_aead_key)" math could
    have an integer wrapping issue.  It doesn't matter because the "keylen"
    is checked on the next line, but just to make life easier for static
    analysis tools, let's re-order these conditions and avoid the integer
    overflow.
    
    Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
    Reviewed-by: Simon Horman <horms@xxxxxxxxxx>
    Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/net/tipc/crypto.c b/net/tipc/crypto.c
index b5aa0a835bced..bf384bd126963 100644
--- a/net/tipc/crypto.c
+++ b/net/tipc/crypto.c
@@ -2297,8 +2297,8 @@ static bool tipc_crypto_key_rcv(struct tipc_crypto *rx, struct tipc_msg *hdr)
 	keylen = ntohl(*((__be32 *)(data + TIPC_AEAD_ALG_NAME)));
 
 	/* Verify the supplied size values */
-	if (unlikely(size != keylen + sizeof(struct tipc_aead_key) ||
-		     keylen > TIPC_AEAD_KEY_SIZE_MAX)) {
+	if (unlikely(keylen > TIPC_AEAD_KEY_SIZE_MAX ||
+		     size != keylen + sizeof(struct tipc_aead_key))) {
 		pr_debug("%s: invalid MSG_CRYPTO key size\n", rx->name);
 		goto exit;
 	}
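
Review bot: the overflow safety of this condition now rests entirely on short-circuit order, and the comment above it ("Verify the supplied size values") does not say so. A later cleanup that swaps the two operands back would silently reintroduce the 32-bit wrap in "keylen + sizeof(struct tipc_aead_key)" that the commit message describes. Consider extending the comment to state that keylen must be bounded by TIPC_AEAD_KEY_SIZE_MAX before it is used in the addition, or computing the expected size with check_add_overflow() so the check stays correct regardless of operand order.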



