| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 1 Jun 2022 14:21:52 +0800
From: wangyufen <wangyufen@...wei.com>
To: Jakub Kicinski <kuba@...nel.org>
CC: <davem@...emloft.net>, <yoshfuji@...ux-ipv6.org>,
<dsahern@...nel.org>, <edumazet@...gle.com>, <pabeni@...hat.com>,
<ast@...nel.org>, <daniel@...earbox.net>, <andrii@...nel.org>,
<kafai@...com>, <songliubraving@...com>, <yhs@...com>,
<john.fastabend@...il.com>, <kpsingh@...nel.org>,
<netdev@...r.kernel.org>, <bpf@...r.kernel.org>
Subject: Re: [PATCH net-next v3] ipv6: Fix signed integer overflow in
__ip6_append_data
在 2022/6/1 12:35, Jakub Kicinski 写道:
> On Sat, 28 May 2022 10:23:12 +0800 Wang Yufen wrote:
>> diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c
>> index 55afd7f39c04..91704bbc7715 100644
>> --- a/net/ipv6/udp.c
>> +++ b/net/ipv6/udp.c
>> @@ -1308,7 +1308,7 @@ int udpv6_sendmsg(struct sock *sk, struct msghdr *msg, size_t len)
>> struct ipcm6_cookie ipc6;
>> int addr_len = msg->msg_namelen;
>> bool connected = false;
>> - int ulen = len;
>> + size_t ulen = len;
>> int corkreq = READ_ONCE(up->corkflag) || msg->msg_flags&MSG_MORE;
>> int err;
>> int is_udplite = IS_UDPLITE(sk);
> No need to change ulen neither, it will not overflow and will be
> promoted to size_t when passed to ip6_append_data() / ip6_make_skb().
> .
OK, thanks.
Powered by blists - more mailing lists