Merge branch 'linus' into x86/core

author: H. Peter Anvin <hpa@zytor.com> 2008-09-04 08:09:09 -0700
committer: H. Peter Anvin <hpa@zytor.com> 2008-09-04 08:09:09 -0700
commit: 0ccd8c39bc664bf5e9fcc26caad50cc17ff866d1 (patch)
tree: 29cec0edf3acf18c6978b750a8d6560f445df6df /net/sctp/auth.c
parent: 1625324d22409e32e3f8eb86018cad72e1c09d61 (diff)
parent: ec0c15afb41fd9ad45b53468b60db50170e22346 (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/net/sctp/auth.c b/net/sctp/auth.c
index 675a5c3e68a6..52db5f60daa0 100644
--- a/net/sctp/auth.c
+++ b/net/sctp/auth.c
@@ -80,6 +80,10 @@ static struct sctp_auth_bytes *sctp_auth_create_key(__u32 key_len, gfp_t gfp)
 {
 	struct sctp_auth_bytes *key;
 
+	/* Verify that we are not going to overflow INT_MAX */
+	if ((INT_MAX - key_len) < sizeof(struct sctp_auth_bytes))
+		return NULL;
+
 	/* Allocate the shared key */
 	key = kmalloc(sizeof(struct sctp_auth_bytes) + key_len, gfp);
 	if (!key)
@@ -782,6 +786,9 @@ int sctp_auth_ep_set_hmacs(struct sctp_endpoint *ep,
 	for (i = 0; i < hmacs->shmac_num_idents; i++) {
 		id = hmacs->shmac_idents[i];
 
+		if (id > SCTP_AUTH_HMAC_ID_MAX)
+			return -EOPNOTSUPP;
+
 		if (SCTP_AUTH_HMAC_ID_SHA1 == id)
 			has_sha1 = 1;
author	H. Peter Anvin <hpa@zytor.com>	2008-09-04 08:09:09 -0700
committer	H. Peter Anvin <hpa@zytor.com>	2008-09-04 08:09:09 -0700
commit	0ccd8c39bc664bf5e9fcc26caad50cc17ff866d1 (patch)
tree	29cec0edf3acf18c6978b750a8d6560f445df6df /net/sctp/auth.c
parent	1625324d22409e32e3f8eb86018cad72e1c09d61 (diff)
parent	ec0c15afb41fd9ad45b53468b60db50170e22346 (diff)