Re: [patch] relay: prevent integer overflow in relay_open()

From: Dan Carpenter
Date: Thu Feb 09 2012 - 07:35:25 EST

Next message: tip-bot for Andreas Herrmann: "[tip:x86/urgent] x86/amd: Fix L1i and L2 cache sharing information for AMD family 15h processors"
Previous message: Danny Kukawka: "Re: [RFC][PATCH 00/50] set addr_assign_type to NET_ADDR_RANDOM if a random mac address get assigned to a netdevice"
In reply to: walter harms: "Re: [patch] relay: prevent integer overflow in relay_open()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Feb 09, 2012 at 12:55:52PM +0100, walter harms wrote:
> numerical this is ok, but ...
> maybe it is better to cap the chan->n_subbufs at a useful number ?

We considered this question already earlier in the thread.

> The user can still allocate an insane number of bytes.
> Restricting subbuf_size*n_subbufs seems more logical (otherwise is this a real problem ?)
>

Yes. It is a real problem.

regards,
dan carpenter

Attachment: signature.asc
Description: Digital signature

Next message: tip-bot for Andreas Herrmann: "[tip:x86/urgent] x86/amd: Fix L1i and L2 cache sharing information for AMD family 15h processors"
Previous message: Danny Kukawka: "Re: [RFC][PATCH 00/50] set addr_assign_type to NET_ADDR_RANDOM if a random mac address get assigned to a netdevice"
In reply to: walter harms: "Re: [patch] relay: prevent integer overflow in relay_open()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]