Message ID | 20220211045510.18870-1-hbh25y@gmail.com (mailing list archive) |
---|---|
State | Accepted |
Commit | 143de8d97d79316590475dc2a84513c63c863ddf |
Delegated to: | Netdev Maintainers |
Headers | show |
Series | [net] tipc: fix a bit overflow in tipc_crypto_key_rcv() | expand |
Hello: This patch was applied to netdev/net.git (master) by David S. Miller <davem@davemloft.net>: On Fri, 11 Feb 2022 12:55:10 +0800 you wrote: > msg_data_sz return a 32bit value, but size is 16bit. This may lead to a > bit overflow. > > Signed-off-by: Hangyu Hua <hbh25y@gmail.com> > --- > net/tipc/crypto.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) Here is the summary with links: - [net] tipc: fix a bit overflow in tipc_crypto_key_rcv() https://git.kernel.org/netdev/net/c/143de8d97d79 You are awesome, thank you!
diff --git a/net/tipc/crypto.c b/net/tipc/crypto.c index d293614d5fc6..b5074957e881 100644 --- a/net/tipc/crypto.c +++ b/net/tipc/crypto.c @@ -2287,7 +2287,7 @@ static bool tipc_crypto_key_rcv(struct tipc_crypto *rx, struct tipc_msg *hdr) struct tipc_crypto *tx = tipc_net(rx->net)->crypto_tx; struct tipc_aead_key *skey = NULL; u16 key_gen = msg_key_gen(hdr); - u16 size = msg_data_sz(hdr); + u32 size = msg_data_sz(hdr); u8 *data = msg_data(hdr); unsigned int keylen;
msg_data_sz return a 32bit value, but size is 16bit. This may lead to a bit overflow. Signed-off-by: Hangyu Hua <hbh25y@gmail.com> --- net/tipc/crypto.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)