git.ipfire.org Git - thirdparty/kernel/linux.git/commit

author	David Howells <dhowells@redhat.com>
	Wed, 22 Apr 2026 16:14:34 +0000 (17:14 +0100)
committer	Jakub Kicinski <kuba@kernel.org>
	Thu, 23 Apr 2026 19:40:52 +0000 (12:40 -0700)
commit	6929350080f4da292d111a3b33e53138fee51cec
tree	48a53f5a175ab0773672ee4faba0eaf1858e9941	tree \| snapshot
parent	24481a7f573305706054c59e275371f8d0fe919f	commit \| diff

rxgk: Fix potential integer overflow in length check

Fix potential integer overflow in rxgk_extract_token() when checking the
length of the ticket. Rather than rounding up the value to be tested
(which might overflow), round down the size of the available data.

Fixes: 2429a1976481 ("rxrpc: Fix untrusted unsigned subtract")
Closes: https://sashiko.dev/#/patchset/20260408121252.2249051-1-dhowells%40redhat.com
Signed-off-by: David Howells <dhowells@redhat.com>
cc: Marc Dionne <marc.dionne@auristor.com>
cc: Jeffrey Altman <jaltman@auristor.com>
cc: Simon Horman <horms@kernel.org>
cc: linux-afs@lists.infradead.org
cc: stable@kernel.org
Link: https://patch.msgid.link/20260422161438.2593376-6-dhowells@redhat.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

net/rxrpc/rxgk_app.c		diff \| blob \| blame \| history
net/rxrpc/rxgk_common.h		diff \| blob \| blame \| history