CDC-NCM: avoid overflow in sanity checking - starfive-tech/linux.git - StarFive Tech Linux Kernel for VisionFive (JH7110) boards (mirror)

diff options

author	Oliver Neukum <oneukum@suse.com>	2022-02-15 13:35:47 +0300
committer	David S. Miller <davem@davemloft.net>	2022-02-15 17:56:10 +0300
commit	8d2b1a1ec9f559d30b724877da4ce592edc41fdc (patch)
tree	2b5bad2d091e5bf2cb4f403ffb9305250a394594 /net/bridge
parent	7e5b6a5c8c44310784c88c1c198dde79f6402f7b (diff)
download	linux-8d2b1a1ec9f559d30b724877da4ce592edc41fdc.tar.xz

CDC-NCM: avoid overflow in sanity checking

A broken device may give an extreme offset like 0xFFF0 and a reasonable length for a fragment. In the sanity check as formulated now, this will create an integer overflow, defeating the sanity check. Both offset and offset + len need to be checked in such a manner that no overflow can occur. And those quantities should be unsigned. Signed-off-by: Oliver Neukum <oneukum@suse.com> Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: David S. Miller <davem@davemloft.net>

Diffstat (limited to 'net/bridge')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: