summaryrefslogtreecommitdiff
path: root/fs/binfmt_elf.c
diff options
context:
space:
mode:
authorDaniel Borkmann <dborkman@redhat.com>2013-08-05 10:49:35 (GMT)
committerDavid S. Miller <davem@davemloft.net>2013-08-05 19:26:50 (GMT)
commit7921895a5e852fc99de347bc0600659997de9298 (patch)
tree0806f91433c6a67fa20a679d9c5db4809cf981d9 /fs/binfmt_elf.c
parent07ce76aa9bcf8bc106a53c67548c5602f1598595 (diff)
downloadlinux-7921895a5e852fc99de347bc0600659997de9298.tar.xz
net: esp{4,6}: fix potential MTU calculation overflows
Commit 91657eafb ("xfrm: take net hdr len into account for esp payload size calculation") introduced a possible interger overflow in esp{4,6}_get_mtu() handlers in case of x->props.mode equals XFRM_MODE_TUNNEL. Thus, the following expression will overflow unsigned int net_adj; ... <case ipv{4,6} XFRM_MODE_TUNNEL> net_adj = 0; ... return ((mtu - x->props.header_len - crypto_aead_authsize(esp->aead) - net_adj) & ~(align - 1)) + (net_adj - 2); where (net_adj - 2) would be evaluated as <foo> + (0 - 2) in an unsigned context. Fix it by simply removing brackets as those operations here do not need to have special precedence. Signed-off-by: Daniel Borkmann <dborkman@redhat.com> Cc: Benjamin Poirier <bpoirier@suse.de> Cc: Steffen Klassert <steffen.klassert@secunet.com> Acked-by: Benjamin Poirier <bpoirier@suse.de> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'fs/binfmt_elf.c')
0 files changed, 0 insertions, 0 deletions