| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20221123201136.232ed8e7@kernel.org>
Date: Wed, 23 Nov 2022 20:11:36 -0800
From: Jakub Kicinski <kuba@...nel.org>
To: Maxim Korotkov <korotkov.maxim.s@...il.com>
Cc: "David S. Miller" <davem@...emloft.net>,
Eric Dumazet <edumazet@...gle.com>,
Paolo Abeni <pabeni@...hat.com>,
Guangbin Huang <huangguangbin2@...wei.com>,
Andrew Lunn <andrew@...n.ch>,
Alexander Lobakin <alexandr.lobakin@...el.com>,
"Keller, Jacob E" <jacob.e.keller@...el.com>,
Tom Rix <trix@...hat.com>, Marco Bonelli <marco@...eim.net>,
Edward Cree <ecree@...arflare.com>, netdev@...r.kernel.org,
linux-kernel@...r.kernel.org, lvc-project@...uxtesting.org
Subject: Re: [PATCH v3] ethtool: avoiding integer overflow in
ethtool_phys_id()
On Tue, 22 Nov 2022 15:29:01 +0300 Maxim Korotkov wrote:
> The value of an arithmetic expression "n * id.data" is subject
> to possible overflow due to a failure to cast operands to a larger data
> type before performing arithmetic. Used macro for multiplication instead
> operator for avoiding overflow.
>
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
>
> Signed-off-by: Maxim Korotkov <korotkov.maxim.s@...il.com>
Applying to net-next, pretty sure nobody expects us to support blinking
an LED 4 billion times, at a rate low enough for a human eye to see...
But let's watch the stable bots pick it up anyway.
Powered by blists - more mailing lists