rxgk: Fix potential integer overflow in length check - kernel/linux.git

diff options

author	David Howells <dhowells@redhat.com>	2026-04-22 19:14:34 +0300
committer	Jakub Kicinski <kuba@kernel.org>	2026-04-23 22:40:52 +0300
commit	6929350080f4da292d111a3b33e53138fee51cec (patch)
tree	48a53f5a175ab0773672ee4faba0eaf1858e9941 /include
parent	24481a7f573305706054c59e275371f8d0fe919f (diff)
download	linux-6929350080f4da292d111a3b33e53138fee51cec.tar.xz

rxgk: Fix potential integer overflow in length check

Fix potential integer overflow in rxgk_extract_token() when checking the length of the ticket. Rather than rounding up the value to be tested (which might overflow), round down the size of the available data. Fixes: 2429a1976481 ("rxrpc: Fix untrusted unsigned subtract") Closes: https://sashiko.dev/#/patchset/20260408121252.2249051-1-dhowells%40redhat.com Signed-off-by: David Howells <dhowells@redhat.com> cc: Marc Dionne <marc.dionne@auristor.com> cc: Jeffrey Altman <jaltman@auristor.com> cc: Simon Horman <horms@kernel.org> cc: linux-afs@lists.infradead.org cc: stable@kernel.org Link: https://patch.msgid.link/20260422161438.2593376-6-dhowells@redhat.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>

Diffstat (limited to 'include')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: