| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <5f51673a-e19b-45e8-bb1c-a6d3427213c1@kernel.org> Date: Fri, 8 Nov 2024 12:43:48 +0100 From: Matthieu Baerts <matttbe@...nel.org> To: Dmitry Kandybka <d.kandybka@...il.com> Cc: mptcp@...ts.linux.dev, netdev@...r.kernel.org, lvc-project@...uxtesting.org, Dmitry Antipov <dmantipov@...dex.ru> Subject: Re: [PATCH] mptcp: fix possible integer overflow in mptcp_reset_tout_timer Hi Dmitry, On 07/11/2024 11:36, Dmitry Kandybka wrote: > In 'mptcp_reset_tout_timer', promote 'probe_timestamp' to unsigned long > to avoid possible integer overflow. Compile tested only. > > Found by Linux Verification Center (linuxtesting.org) with SVACE. > > Signed-off-by: Dmitry Kandybka <d.kandybka@...il.com> > --- > net/mptcp/protocol.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c > index e978e05ec8d1..ff2b8a2bfe18 100644 > --- a/net/mptcp/protocol.c > +++ b/net/mptcp/protocol.c > @@ -2722,8 +2722,8 @@ void mptcp_reset_tout_timer(struct mptcp_sock *msk, unsigned long fail_tout) > if (!fail_tout && !inet_csk(sk)->icsk_mtup.probe_timestamp) > return; > > - close_timeout = inet_csk(sk)->icsk_mtup.probe_timestamp - tcp_jiffies32 + jiffies + > - mptcp_close_timeout(sk); > + close_timeout = (unsigned long)inet_csk(sk)->icsk_mtup.probe_timestamp - > + tcp_jiffies32 + jiffies + mptcp_close_timeout(sk); If I'm not mistaken, "jiffies" is an "unsigned long", which makes this modification not necessary, no? Cheers, Matt -- Sponsored by the NGI0 Core fund.
Powered by blists - more mailing lists