git.ipfire.org Git - thirdparty/kernel/stable.git/commit

chelsio/chtls: prevent potential integer overflow on 32bit

commit fbbd84af6ba70334335bdeba3ae536cf751c14c6 upstream.

The "gl->tot_len" variable is controlled by the user.  It comes from
process_responses().  On 32bit systems, the "gl->tot_len +
sizeof(struct cpl_pass_accept_req) + sizeof(struct rss_header)" addition
could have an integer wrapping bug.  Use size_add() to prevent this.

Fixes: a08943947873 ("crypto: chtls - Register chtls with net tls")
Cc: stable@vger.kernel.org
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Reviewed-by: Simon Horman <horms@kernel.org>
Link: https://patch.msgid.link/c6bfb23c-2db2-4e1b-b8ab-ba3925c82ef5@stanley.mountain
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

author	Dan Carpenter <dan.carpenter@linaro.org>
	Fri, 13 Dec 2024 09:47:27 +0000 (12:47 +0300)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Thu, 9 Jan 2025 12:24:53 +0000 (13:24 +0100)
commit	8eb181aee760e49f4243eb38d4730df8bd0375f5
tree	982f5060181ffdcfdc8cc5162dd8d3f1fb81cbd6	tree \| snapshot
parent	ddfb709c289553c70a2fa0cfbf8ca88ab6f468b6	commit \| diff