Re: [PATCH net,v3] tcp: fix a signed-integer-overflow bug in tcp_add_backlog()

From: Eric Dumazet
Date: Fri Oct 21 2022 - 12:02:02 EST


On Thu, Oct 20, 2022 at 8:03 PM Lu Wei <luwei32@xxxxxxxxxx> wrote:
>
> The type of sk_rcvbuf and sk_sndbuf in struct sock is int, and
> in tcp_add_backlog(), the variable limit is caculated by adding
> sk_rcvbuf, sk_sndbuf and 64 * 1024, it may exceed the max value
> of int and overflow. This patch reduces the limit budget by
> halving the sndbuf to solve this issue since ACK packets are much
> smaller than the payload.
>
> Fixes: c9c3321257e1 ("tcp: add tcp_add_backlog()")
> Signed-off-by: Lu Wei <luwei32@xxxxxxxxxx>

Reviewed-by: Eric Dumazet <edumazet@xxxxxxxxxx>