Re: [PATCH net] xfrm: Rewrite key length conversion to avoid overflows

[PATCH net] xfrm: prevent some integer overflows in verify_ functions · Dan Carpenter <hidden> · 2024-12-17
Re: [PATCH net] xfrm: prevent some integer overflows in verify_ functions · Herbert Xu <herbert@gondor.apana.org.au> · 2024-12-17
Re: [PATCH net] xfrm: prevent some integer overflows in verify_ functions · Dan Carpenter <hidden> · 2024-12-17
[PATCH net] xfrm: Rewrite key length conversion to avoid overflows · Herbert Xu <herbert@gondor.apana.org.au> · 2024-12-18
Re: [PATCH net] xfrm: Rewrite key length conversion to avoid overflows · Dan Carpenter <hidden> · 2024-12-18
Re: [PATCH net] xfrm: Rewrite key length conversion to avoid overflows · Herbert Xu <herbert@gondor.apana.org.au> · 2024-12-18

From: Herbert Xu <herbert@gondor.apana.org.au>
Date: 2024-12-18 11:59:19
Also in: kernel-janitors, linux-hardening, lkml

On Wed, Dec 18, 2024 at 01:54:38PM +0300, Dan Carpenter wrote:

The length is capped in verify_one_alg() type functions:

	if (nla_len(rt) < (int)xfrm_alg_len(algp)) {

nla_len() is a USHRT_MAX so the rounded value can't be higher than that.

Good catch.  I hope a similar limit applies for af_key?

Thanks,
-- 
Email: Herbert Xu [off-list ref]
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help