Re: [PATCH net] sctp: fix the issue that a __u16 variable may overflow in sctp_ulpq_renege

From: Xin Long Date: Mon, 18 Dec 2017 14:07:25 +0800 > Now when reneging events in sctp_ulpq_renege(), the variable freed > could be increased by a __u16 value twice while freed is of __u16 > type. It means freed may overflow at the second addition. > > This patch is to fix it by using __u32 typ

Re: [PATCH net] sctp: fix the issue that a __u16 variable may overflow in sctp_ulpq_renege

On Mon, Dec 18, 2017 at 02:07:25PM +0800, Xin Long wrote: > Now when reneging events in sctp_ulpq_renege(), the variable freed > could be increased by a __u16 value twice while freed is of __u16 > type. It means freed may overflow at the second addition. > > This patch is to fix it by using __u32

[PATCH net] sctp: fix the issue that a __u16 variable may overflow in sctp_ulpq_renege

Now when reneging events in sctp_ulpq_renege(), the variable freed could be increased by a __u16 value twice while freed is of __u16 type. It means freed may overflow at the second addition. This patch is to fix it by using __u32 type for 'freed', while at it, also to remove 'if (chunk)' check, as