diff options
| author | Dan Carpenter <dan.carpenter@linaro.org> | 2025-03-10 10:45:53 +0300 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2025-03-12 17:48:26 +0300 |
| commit | 80b78c39eb86e6b55f56363b709eb817527da5aa (patch) | |
| tree | a7e74dd37ffe080a2140ccf5e8ef2d56bb6aa9db /tools/perf/scripts/python/arm-cs-trace-disasm.py | |
| parent | c21b02fd9cbf15aed6e32c89e0fd70070281e3d1 (diff) | |
| download | linux-80b78c39eb86e6b55f56363b709eb817527da5aa.tar.xz | |
ipvs: prevent integer overflow in do_ip_vs_get_ctl()
The get->num_services variable is an unsigned int which is controlled by
the user. The struct_size() function ensures that the size calculation
does not overflow an unsigned long, however, we are saving the result to
an int so the calculation can overflow.
Both "len" and "get->num_services" come from the user. This check is
just a sanity check to help the user and ensure they are using the API
correctly. An integer overflow here is not a big deal. This has no
security impact.
Save the result from struct_size() type size_t to fix this integer
overflow bug.
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Acked-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'tools/perf/scripts/python/arm-cs-trace-disasm.py')
0 files changed, 0 insertions, 0 deletions