Re: [PATCH net v4] ipv6: validate extension header length before copying to cmsg
From: Willem de Bruijn
Date: Sat May 16 2026 - 09:41:22 EST
Jakub Kicinski wrote:
> On Thu, 14 May 2026 11:58:02 +0800 Qi Tang wrote:
> > + return (ptr + len <= skb_tail_pointer(skb)) ? len : 0;
>
> This is probably better written as:
>
> return (len <= skb_tail_pointer(skb) - ptr) ? len : 0;
>
> ? len can't be too large so unlikely to matter in practice
> but technically ptr + len may overflow and wrap on 32b?
If making changes, also time to replace the open coded offset with
sizeof ipv6_opt_hdr and opt_hdr->hdrlen?
Or perhaps better left for net-next.