lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20130506184946.GA1360@mwanda>
Date:	Mon, 6 May 2013 21:49:46 +0300
From:	Dan Carpenter <dan.carpenter@...cle.com>
To:	Sergei Shtylyov <sergei.shtylyov@...entembedded.com>
Cc:	Jon Maloy <jon.maloy@...csson.com>,
	Allan Stephens <allan.stephens@...driver.com>,
	"David S. Miller" <davem@...emloft.net>, netdev@...r.kernel.org,
	tipc-discussion@...ts.sourceforge.net,
	kernel-janitors@...r.kernel.org
Subject: Re: [patch 2/2] tipc: potential divide by zero in
 tipc_link_recv_fragment()

On Mon, May 06, 2013 at 10:38:53PM +0400, Sergei Shtylyov wrote:
> Hello.
> 
> On 06-05-2013 22:29, Dan Carpenter wrote:
> 
> >The worry here is that fragm_sz could be zero since it comes from
> >skb->data.
> 
> >Signed-off-by: Dan Carpenter <dan.carpenter@...cle.com>
> 
> >diff --git a/net/tipc/link.c b/net/tipc/link.c
> >index 3a6064b3..de94493 100644
> >--- a/net/tipc/link.c
> >+++ b/net/tipc/link.c
> >@@ -2524,14 +2524,16 @@ int tipc_link_recv_fragment(struct sk_buff **pending, struct sk_buff **fb,
> >  		struct tipc_msg *imsg = (struct tipc_msg *)msg_data(fragm);
> >  		u32 msg_sz = msg_size(imsg);
> >  		u32 fragm_sz = msg_data_sz(fragm);
> >-		u32 exp_fragm_cnt = msg_sz/fragm_sz + !!(msg_sz % fragm_sz);
> >+		u32 exp_fragm_cnt;
> >  		u32 max =  TIPC_MAX_USER_MSG_SIZE + NAMED_H_SIZE;
> >+
> >  		if (msg_type(imsg) == TIPC_MCAST_MSG)
> >  			max = TIPC_MAX_USER_MSG_SIZE + MCAST_H_SIZE;
> >-		if (msg_size(imsg) > max) {
> >+		if (fragm_sz == 0 || msg_size(imsg) > max) {
> >  			kfree_skb(fbuf);
> >  			return 0;
> >  		}
> >+		exp_fragm_cnt = msg_sz/fragm_sz + !!(msg_sz % fragm_sz);
> 
>    Don't you think spaces around / should be added at least for
> consistency with %?

Yep.  I missed that.  I'll resend.

regards,
dan carpenter

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ