| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20241107103657.1560536-1-d.kandybka@gmail.com> Date: Thu, 7 Nov 2024 13:36:57 +0300 From: Dmitry Kandybka <d.kandybka@...il.com> To: Matthieu Baerts <matttbe@...nel.org> Cc: mptcp@...ts.linux.dev, netdev@...r.kernel.org, lvc-project@...uxtesting.org, Dmitry Antipov <dmantipov@...dex.ru>, Dmitry Kandybka <d.kandybka@...il.com> Subject: [PATCH] mptcp: fix possible integer overflow in mptcp_reset_tout_timer In 'mptcp_reset_tout_timer', promote 'probe_timestamp' to unsigned long to avoid possible integer overflow. Compile tested only. Found by Linux Verification Center (linuxtesting.org) with SVACE. Signed-off-by: Dmitry Kandybka <d.kandybka@...il.com> --- net/mptcp/protocol.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index e978e05ec8d1..ff2b8a2bfe18 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -2722,8 +2722,8 @@ void mptcp_reset_tout_timer(struct mptcp_sock *msk, unsigned long fail_tout) if (!fail_tout && !inet_csk(sk)->icsk_mtup.probe_timestamp) return; - close_timeout = inet_csk(sk)->icsk_mtup.probe_timestamp - tcp_jiffies32 + jiffies + - mptcp_close_timeout(sk); + close_timeout = (unsigned long)inet_csk(sk)->icsk_mtup.probe_timestamp - + tcp_jiffies32 + jiffies + mptcp_close_timeout(sk); /* the close timeout takes precedence on the fail one, and here at least one of * them is active -- 2.43.5
Powered by blists - more mailing lists