qed: potential overflow in qed_cxt_src_t2_alloc() - linux - Linux Kernel (branches are rebased on master from time to time)

diff options

author	Dan Carpenter <dan.carpenter@oracle.com>	2016-06-07 15:04:16 +0300
committer	David S. Miller <davem@davemloft.net>	2016-06-08 00:33:25 -0700
commit	01e517f16e38fc2345d4d555a7764b5f3f35af84 (patch)
tree	6b200ac9cb1a5f75e3f9e53052e32d69d5f4191f /net/ipv4/tcp_input.c
parent	f02ea21548171fa3dacc11fbca358a0fc863bb51 (diff)
download	linux-01e517f16e38fc2345d4d555a7764b5f3f35af84.tar.bz2

qed: potential overflow in qed_cxt_src_t2_alloc()

In the current code "ent_per_page" could be more than "conn_num" making "conn_num" negative after the subtraction. In the next iteration through the loop then the negative is treated as a very high positive meaning we don't put a limit on "ent_num". It could lead to memory corruption. Fixes: dbb799c39717 ('qed: Initialize hardware for new protocols') Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Acked-by: Yuval Mintz <Yuval.Mintz@qlogic.com> Signed-off-by: David S. Miller <davem@davemloft.net>

Diffstat (limited to 'net/ipv4/tcp_input.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: