From: Xi Wang Date: Tue, 22 Nov 2011 15:55:30 +0000 (+0000) Subject: sctp: integer overflow in sctp_auth_create_key() X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=a5e5c37434eb182cf50cec90d9736d9a9a390116;p=GitHub%2FLineageOS%2FG12%2Fandroid_kernel_amlogic_linux-4.9.git sctp: integer overflow in sctp_auth_create_key() The previous commit 30c2235c is incomplete and cannot prevent integer overflows. For example, when key_len is 0x80000000 (INT_MAX + 1), the left-hand side of the check, (INT_MAX - key_len), which is unsigned, becomes 0xffffffff (UINT_MAX) and bypasses the check. Signed-off-by: Xi Wang Signed-off-by: David S. Miller ---