lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <aQ4J169gBFHVzAJa@krikkit>
Date: Fri, 7 Nov 2025 16:01:43 +0100
From: Sabrina Dubroca <sd@...asysnail.net>
To: Nate Karstens <nate.karstens@...min.com>
Cc: netdev@...r.kernel.org, Nate Karstens <nate.karstens@...il.com>,
	Tom Herbert <tom@...ntonium.net>,
	Jacob Keller <jacob.e.keller@...el.com>, stable@...r.kernel.org,
	"David S. Miller" <davem@...emloft.net>,
	Eric Dumazet <edumazet@...gle.com>,
	Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>,
	Simon Horman <horms@...nel.org>,
	Martin KaFai Lau <martin.lau@...nel.org>,
	Jakub Sitnicki <jakub@...udflare.com>, Jiayuan Chen <mrpre@....com>,
	"Dr. David Alan Gilbert" <linux@...blig.org>,
	Tom Herbert <tom@...bertland.com>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH net v2] strparser: Fix signed/unsigned mismatch bug

2025-11-06, 16:28:33 -0600, Nate Karstens wrote:
> The `len` member of the sk_buff is an unsigned int. This is cast to
> `ssize_t` (a signed type) for the first sk_buff in the comparison,
> but not the second sk_buff. On 32-bit systems, this can result in
> an integer underflow for certain values because unsigned arithmetic
> is being used.
> 
> This appears to be an oversight: if the intention was to use unsigned
> arithmetic, then the first cast would have been omitted. The change
> ensures both len values are cast to `ssize_t`.
> 
> The underflow causes an issue with ktls when multiple TLS PDUs are
> included in a single TCP segment. The mainline kernel does not use
> strparser for ktls anymore, but this is still useful for other
> features that still use strparser, and for backporting.
> 
> Signed-off-by: Nate Karstens <nate.karstens@...min.com>
> Cc: stable@...r.kernel.org
> Fixes: 43a0c6751a32 ("strparser: Stream parser for messages")
> ---
>  net/strparser/strparser.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

Reviewed-by: Sabrina Dubroca <sd@...asysnail.net>

Thanks Nate.

-- 
Sabrina

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ