/r/6dddcc45-78db-4659-80a2-3a2758f491a6%40stanley.mountain
patch subject: [PATCH net] ipvs: prevent integer overflow in do_ip_vs_get_ctl()
config: hexagon-allyesconfig
(https://download.01.org/0day-ci/archive/20250309/202503090225.vnvzgefz-...@intel.com/config)
compiler: clang version 18.1.8 (https
Hello,
On Fri, 7 Mar 2025, Dan Carpenter wrote:
> The get->num_services variable is an unsigned int which is controlled by
> the user. The struct_size() function ensures that the size calculation
> does not overflow an unsigned long, however, we are saving the result to
> an int so the
On Friday 2025-03-07 14:44, Dan Carpenter wrote:
> case IP_VS_SO_GET_SERVICES:
> {
> struct ip_vs_get_services *get;
>- int size;
>+ size_t size;
>
> get = (struct ip_vs_get_services *)arg;
> size = struct_size(get,
The get->num_services variable is an unsigned int which is controlled by
the user. The struct_size() function ensures that the size calculation
does not overflow an unsigned long, however, we are saving the result to
an int so the calculation can overflow.
Save the result from struct_size() type
4 matches
Mail list logo
