Skip to content

Commit

Permalink
sctp: integer overflow in sctp_auth_create_key()
Browse files Browse the repository at this point in the history 
The previous commit 30c2235 is incomplete and cannot prevent integer
overflows. For example, when key_len is 0x80000000 (INT_MAX + 1), the
left-hand side of the check, (INT_MAX - key_len), which is unsigned,
becomes 0xffffffff (UINT_MAX) and bypasses the check.

Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
  • Loading branch information
Xi Wang authored and David S. Miller committed Nov 29, 2011
1 parent 2a38e6d commit a5e5c37
Showing 0 changed files with 0 additions and 0 deletions.

0 comments on commit a5e5c37

Please sign in to comment.