projects / linux-2.6-microblaze.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: a58f00e)
mptcp: fix possible integer overflow in mptcp_reset_tout_timer
authorDmitry Kandybka <d.kandybka@gmail.com>
Thu, 7 Nov 2024 10:36:57 +0000 (13:36 +0300)
committerJakub Kicinski <kuba@kernel.org>
Wed, 13 Nov 2024 02:11:23 +0000 (18:11 -0800)
In 'mptcp_reset_tout_timer', promote 'probe_timestamp' to unsigned long
to avoid possible integer overflow. Compile tested only.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Signed-off-by: Dmitry Kandybka <d.kandybka@gmail.com>
Link: https://patch.msgid.link/20241107103657.1560536-1-d.kandybka@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
net/mptcp/protocol.c patch | blob | history

diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c
index b0e9a74..a6f2a25 100644 (file)
--- a/net/mptcp/protocol.c
+++ b/net/mptcp/protocol.c
@@ -2722,8 +2722,8 @@ void mptcp_reset_tout_timer(struct mptcp_sock *msk, unsigned long fail_tout)
        if (!fail_tout && !inet_csk(sk)->icsk_mtup.probe_timestamp)
                return;
 
-       close_timeout = inet_csk(sk)->icsk_mtup.probe_timestamp - tcp_jiffies32 + jiffies +
-                       mptcp_close_timeout(sk);
+       close_timeout = (unsigned long)inet_csk(sk)->icsk_mtup.probe_timestamp -
+                       tcp_jiffies32 + jiffies + mptcp_close_timeout(sk);
 
        /* the close timeout takes precedence on the fail one, and here at least one of
         * them is active
MicroBlaze GIT Repository