diff options
author | Xi Wang <xi.wang@gmail.com> | 2011-11-22 15:55:30 +0000 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2011-11-29 00:31:45 -0500 |
commit | a5e5c37434eb182cf50cec90d9736d9a9a390116 (patch) | |
tree | 8b31067a05b221efa900bb333aa58c7fbaffc854 /drivers/input/serio/maceps2.c | |
parent | 2a38e6d5aed24bb7f0211e0819fac8c32c2b5791 (diff) |
sctp: integer overflow in sctp_auth_create_key()
The previous commit 30c2235c is incomplete and cannot prevent integer
overflows. For example, when key_len is 0x80000000 (INT_MAX + 1), the
left-hand side of the check, (INT_MAX - key_len), which is unsigned,
becomes 0xffffffff (UINT_MAX) and bypasses the check.
Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'drivers/input/serio/maceps2.c')
0 files changed, 0 insertions, 0 deletions