1
linux/net
Xi Wang c89304b8ea sctp: better integer overflow check in sctp_auth_create_key()
The check from commit 30c2235c is incomplete and cannot prevent
cases like key_len = 0x80000000 (INT_MAX + 1).  In that case, the
left-hand side of the check (INT_MAX - key_len), which is unsigned,
becomes 0xffffffff (UINT_MAX) and bypasses the check.

However this shouldn't be a security issue.  The function is called
from the following two code paths:

 1) setsockopt()

 2) sctp_auth_asoc_set_secret()

In case (1), sca_keylength is never going to exceed 65535 since it's
bounded by a u16 from the user API.  As such, the key length will
never overflow.

In case (2), sca_keylength is computed based on the user key (1 short)
and 2 * key_vector (3 shorts) for a total of 7 * USHRT_MAX, which still
will not overflow.

In other words, this overflow check is not really necessary.  Just
make it more correct.

Signed-off-by: Xi Wang <xi.wang@gmail.com>
Cc: Vlad Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-11-29 15:51:03 -05:00
..
9p net/9p: Convert net/9p protocol dumps to tracepoints 2011-10-24 11:13:12 -05:00
802 net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
8021q Merge branch 'modsplit-Oct31_2011' of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux 2011-11-06 19:44:47 -08:00
appletalk net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
atm net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
ax25 net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
batman-adv Merge branch 'batman-adv/maint' of git://git.open-mesh.org/linux-merge 2011-10-30 03:05:07 -04:00
bluetooth Merge branch 'for-davem' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless 2011-11-09 16:22:15 -05:00
bridge bridge: correct IPv6 checksum after pull 2011-11-16 17:32:43 -05:00
caif caif: fix endian conversion in cffrml_transmit() 2011-11-21 16:46:24 -05:00
can can: remove references to berlios mailinglist 2011-10-17 19:22:46 -04:00
ceph net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
core net: Fix corruption in /proc/*/net/dev_mcast 2011-11-28 18:07:29 -05:00
dcb net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
dccp dccp: fix error propagation in dccp_v4_connect 2011-11-21 16:45:26 -05:00
decnet decnet: proper socket refcounting 2011-11-26 15:49:07 -05:00
dns_resolver
dsa net: Fix files explicitly needing to include module.h 2011-10-31 19:30:28 -04:00
econet
ethernet net: don't clear IFF_XMIT_DST_RELEASE in ether_setup 2011-09-15 14:49:44 -04:00
ieee802154 net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
ipv4 Merge branch 'nf' of git://1984.lsi.us.es/net 2011-11-29 01:20:55 -05:00
ipv6 ipv6: Set mcast_hops to IPV6_DEFAULT_MCASTHOPS when -1 was given. 2011-11-28 18:09:13 -05:00
ipx net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
irda net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
iucv net: more accurate skb truesize 2011-10-13 16:05:07 -04:00
key
l2tp l2tp: ensure sk->dst is still valid 2011-11-26 15:57:36 -05:00
lapb wan: make LAPB callbacks const 2011-09-16 19:20:20 -04:00
llc net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
mac80211 Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless into for-davem 2011-11-22 16:46:55 -05:00
netfilter Merge branch 'nf' of git://1984.lsi.us.es/net 2011-11-29 01:20:55 -05:00
netlabel net/netlabel: copy and paste bug in netlbl_cfg_unlbl_map_add() 2011-11-25 01:41:29 -05:00
netlink af_unix: dont send SCM_CREDENTIALS by default 2011-09-28 13:29:50 -04:00
netrom net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
nfc Merge branch 'modsplit-Oct31_2011' of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux 2011-11-06 19:44:47 -08:00
packet net/packet: Revert incorrect dead-code changes to prb_setup_retire_blk_timer 2011-11-14 21:49:46 -05:00
phonet net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
rds rds: drop "select LLIST" 2011-11-14 00:10:50 -05:00
rfkill net: add moduleparam.h for users of module_param/MODULE_PARM_DESC 2011-10-31 19:30:29 -04:00
rose net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
rxrpc net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
sched net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
sctp sctp: better integer overflow check in sctp_auth_create_key() 2011-11-29 15:51:03 -05:00
sunrpc Merge branch 'modsplit-Oct31_2011' of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux 2011-11-06 19:44:47 -08:00
tipc net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
unix AF_UNIX: Fix poll blocking problem when reading from a stream socket 2011-11-26 16:34:22 -05:00
wanrouter wanrouter: Remove kernel_lock annotations 2011-11-07 13:27:30 -05:00
wimax net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
wireless Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless into for-davem 2011-11-22 16:46:55 -05:00
x25 Merge branch 'modsplit-Oct31_2011' of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux 2011-11-06 19:44:47 -08:00
xfrm net: Move mtu handling down to the protocol depended handlers 2011-11-26 14:29:51 -05:00
compat.c net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
Kconfig
Makefile
nonet.c
socket.c Merge branch 'master' of github.com:davem330/net 2011-09-22 03:23:13 -04:00
sysctl_net.c net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00