From: Xi Wang <xi.wang@gmail.com>
Date: Tue, 22 Nov 2011 15:55:30 +0000 (+0000)
Subject: sctp: integer overflow in sctp_auth_create_key()
X-Git-Tag: firefly_0821_release~3680^2~4018^2~18
X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=a5e5c37434eb182cf50cec90d9736d9a9a390116;p=firefly-linux-kernel-4.4.55.git

sctp: integer overflow in sctp_auth_create_key()

The previous commit 30c2235c is incomplete and cannot prevent integer
overflows. For example, when key_len is 0x80000000 (INT_MAX + 1), the
left-hand side of the check, (INT_MAX - key_len), which is unsigned,
becomes 0xffffffff (UINT_MAX) and bypasses the check.

Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---