linux.git - Linux kernel source tree

diff options

author	David Howells <dhowells@redhat.com>	2026-04-08 13:12:45 +0100
committer	Jakub Kicinski <kuba@kernel.org>	2026-04-08 18:44:34 -0700
commit	699e52180f4231c257821c037ed5c99d5eb0edb8 (patch)
tree	fc4b986b54ff01d900ec288f31e242d967d4f641 /tools/perf/scripts/python/export-to-sqlite.py
parent	f93af41b9f5f798823d0d0fb8765c2a936d76270 (diff)

rxrpc: Fix integer overflow in rxgk_verify_response()

In rxgk_verify_response(), there's a potential integer overflow due to rounding up token_len before checking it, thereby allowing the length check to be bypassed. Fix this by checking the unrounded value against len too (len is limited as the response must fit in a single UDP packet). Fixes: 9d1d2b59341f ("rxrpc: rxgk: Implement the yfs-rxgk security class (GSSAPI)") Closes: https://sashiko.dev/#/patchset/20260401105614.1696001-10-dhowells@redhat.com Signed-off-by: David Howells <dhowells@redhat.com> cc: Marc Dionne <marc.dionne@auristor.com> cc: Jeffrey Altman <jaltman@auristor.com> cc: Simon Horman <horms@kernel.org> cc: linux-afs@lists.infradead.org cc: stable@kernel.org Link: https://patch.msgid.link/20260408121252.2249051-18-dhowells@redhat.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>

Diffstat (limited to 'tools/perf/scripts/python/export-to-sqlite.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: