From: Sabrina Dubroca <sd@queasysnail.net>
To: Nate Karstens <nate.karstens@garmin.com>
Cc: netdev@vger.kernel.org, Nate Karstens <nate.karstens@gmail.com>,
Tom Herbert <tom@quantonium.net>,
Jacob Keller <jacob.e.keller@intel.com>,
stable@vger.kernel.org, "David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
Simon Horman <horms@kernel.org>,
Martin KaFai Lau <martin.lau@kernel.org>,
Jakub Sitnicki <jakub@cloudflare.com>,
Jiayuan Chen <mrpre@163.com>,
"Dr. David Alan Gilbert" <linux@treblig.org>,
Tom Herbert <tom@herbertland.com>,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH net v2] strparser: Fix signed/unsigned mismatch bug
Date: Fri, 7 Nov 2025 16:01:43 +0100 [thread overview]
Message-ID: <aQ4J169gBFHVzAJa@krikkit> (raw)
In-Reply-To: <20251106222835.1871628-1-nate.karstens@garmin.com>
2025-11-06, 16:28:33 -0600, Nate Karstens wrote:
> The `len` member of the sk_buff is an unsigned int. This is cast to
> `ssize_t` (a signed type) for the first sk_buff in the comparison,
> but not the second sk_buff. On 32-bit systems, this can result in
> an integer underflow for certain values because unsigned arithmetic
> is being used.
>
> This appears to be an oversight: if the intention was to use unsigned
> arithmetic, then the first cast would have been omitted. The change
> ensures both len values are cast to `ssize_t`.
>
> The underflow causes an issue with ktls when multiple TLS PDUs are
> included in a single TCP segment. The mainline kernel does not use
> strparser for ktls anymore, but this is still useful for other
> features that still use strparser, and for backporting.
>
> Signed-off-by: Nate Karstens <nate.karstens@garmin.com>
> Cc: stable@vger.kernel.org
> Fixes: 43a0c6751a32 ("strparser: Stream parser for messages")
> ---
> net/strparser/strparser.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
Reviewed-by: Sabrina Dubroca <sd@queasysnail.net>
Thanks Nate.
--
Sabrina
next prev parent reply other threads:[~2025-11-07 15:01 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-11-06 22:28 [PATCH net v2] strparser: Fix signed/unsigned mismatch bug Nate Karstens
2025-11-07 9:56 ` Jacob Keller
2025-11-07 15:01 ` Sabrina Dubroca [this message]
2025-11-08 2:30 ` patchwork-bot+netdevbpf
-- strict thread matches above, loose matches on Subject: below --
2025-11-06 16:36 [PATCH] " Nate Karstens
2025-11-06 16:51 ` [PATCH net v2] " Nate Karstens
2025-11-06 22:22 ` Jakub Kicinski
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aQ4J169gBFHVzAJa@krikkit \
--to=sd@queasysnail.net \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=horms@kernel.org \
--cc=jacob.e.keller@intel.com \
--cc=jakub@cloudflare.com \
--cc=kuba@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@treblig.org \
--cc=martin.lau@kernel.org \
--cc=mrpre@163.com \
--cc=nate.karstens@garmin.com \
--cc=nate.karstens@gmail.com \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=stable@vger.kernel.org \
--cc=tom@herbertland.com \
--cc=tom@quantonium.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox