a28d0e873d2899bd750ae495f84fe9c1a2f53809 - kernel/msm-5.4

commit	a28d0e873d2899bd750ae495f84fe9c1a2f53809	[log] [tgz]
author	Dan Carpenter <dan.carpenter@oracle.com>	Thu Jul 17 13:50:45 2014 +0300
committer	David S. Miller <davem@davemloft.net>	Thu Jul 17 16:47:50 2014 -0700
tree	c298871f2dfa4dc8f93e0f2928aa844b1cda20f1
parent	cc25eaae238ddd693aa5eaa73e565d8ff4915f6e [diff]

wan/x25_asy: integer overflow in x25_asy_change_mtu()

If "newmtu * 2 + 4" is too large then it can cause an integer overflow
leading to memory corruption.  Eric Dumazet suggests that 65534 is a
reasonable upper limit.

Btw, "newmtu" is not allowed to be a negative number because of the
check in dev_set_mtu(), so that's ok.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

drivers/net/wan/x25_asy.c[diff]

1 file changed

tree: c298871f2dfa4dc8f93e0f2928aa844b1cda20f1