lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Fri, 20 Dec 2019 02:10:30 +0100
From:   Pablo Neira Ayuso <>
To:     Arnd Bergmann <>
Cc:     Jozsef Kadlecsik <>,
        Florian Westphal <>,
        "David S. Miller" <>, wenxu <>,,,,
Subject: Re: [PATCH] netfilter: nf_flow_table: fix big-endian integer overflow

On Tue, Dec 10, 2019 at 09:24:28PM +0100, Arnd Bergmann wrote:
> In some configurations, gcc reports an integer overflow:
> net/netfilter/nf_flow_table_offload.c: In function 'nf_flow_rule_match':
> net/netfilter/nf_flow_table_offload.c:80:21: error: unsigned conversion from 'int' to '__be16' {aka 'short unsigned int'} changes value from '327680' to '0' [-Werror=overflow]
>    mask->tcp.flags = TCP_FLAG_RST | TCP_FLAG_FIN;
>                      ^~~~~~~~~~~~
> From what I can tell, we want the upper 16 bits of these constants,
> so they need to be shifted in cpu-endian mode.
> Fixes: c29f74e0df7a ("netfilter: nf_flow_table: hardware offload support")
> Signed-off-by: Arnd Bergmann <>

Applied, thanks.

Powered by blists - more mailing lists