Thread (7 messages) 7 messages, 4 authors, 2025-01-24

Re: [PATCH net] net: netlink: prevent potential integer overflow in nlmsg_new()

From: Jakub Kicinski <kuba@kernel.org>
Date: 2025-01-22 14:24:29
Also in: kernel-janitors, lkml

On Wed, 22 Jan 2025 16:49:17 +0300 Dan Carpenter wrote:
The "payload" variable is type size_t, however the nlmsg_total_size()
function will a few bytes to it and then truncate the result to type
int.  That means that if "payload" is more than UINT_MAX the alloc_skb()
function might allocate a buffer which is smaller than intended.
Is there a bug, or is this theoretical?
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help