summaryrefslogtreecommitdiffstats
path: root/net/core
diff options
context:
space:
mode:
authorDaniel Borkmann <dborkman@redhat.com>2013-08-05 12:49:35 +0200
committerDavid S. Miller <davem@davemloft.net>2013-08-05 12:26:50 -0700
commit7921895a5e852fc99de347bc0600659997de9298 (patch)
tree0806f91433c6a67fa20a679d9c5db4809cf981d9 /net/core
parent07ce76aa9bcf8bc106a53c67548c5602f1598595 (diff)
downloadlinux-7921895a5e852fc99de347bc0600659997de9298.tar.bz2
net: esp{4,6}: fix potential MTU calculation overflows
Commit 91657eafb ("xfrm: take net hdr len into account for esp payload size calculation") introduced a possible interger overflow in esp{4,6}_get_mtu() handlers in case of x->props.mode equals XFRM_MODE_TUNNEL. Thus, the following expression will overflow unsigned int net_adj; ... <case ipv{4,6} XFRM_MODE_TUNNEL> net_adj = 0; ... return ((mtu - x->props.header_len - crypto_aead_authsize(esp->aead) - net_adj) & ~(align - 1)) + (net_adj - 2); where (net_adj - 2) would be evaluated as <foo> + (0 - 2) in an unsigned context. Fix it by simply removing brackets as those operations here do not need to have special precedence. Signed-off-by: Daniel Borkmann <dborkman@redhat.com> Cc: Benjamin Poirier <bpoirier@suse.de> Cc: Steffen Klassert <steffen.klassert@secunet.com> Acked-by: Benjamin Poirier <bpoirier@suse.de> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/core')
0 files changed, 0 insertions, 0 deletions