git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Dan Carpenter <dan.carpenter@linaro.org>
	Fri, 13 Dec 2024 09:47:27 +0000 (12:47 +0300)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Thu, 9 Jan 2025 12:28:32 +0000 (13:28 +0100)
commit	16e1c1156674f935b503412940ee003bdbce7739
tree	ffb5f3a364da975e822fd1ba79302b0b286234cb	tree
parent	f4780fedeb65138050e855901b199a07e6cdb534	commit \| diff

chelsio/chtls: prevent potential integer overflow on 32bit

commit fbbd84af6ba70334335bdeba3ae536cf751c14c6 upstream.

The "gl->tot_len" variable is controlled by the user.  It comes from
process_responses().  On 32bit systems, the "gl->tot_len +
sizeof(struct cpl_pass_accept_req) + sizeof(struct rss_header)" addition
could have an integer wrapping bug.  Use size_add() to prevent this.

Fixes: a08943947873 ("crypto: chtls - Register chtls with net tls")
Cc: stable@vger.kernel.org
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Reviewed-by: Simon Horman <horms@kernel.org>
Link: https://patch.msgid.link/c6bfb23c-2db2-4e1b-b8ab-ba3925c82ef5@stanley.mountain
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>