From nobody Fri May 23 15:54:06 2025 X-Original-To: net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4b3qTV2WNhz5vw00 for ; Fri, 23 May 2025 15:54:06 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4b3qTV1bMKz497p for ; Fri, 23 May 2025 15:54:06 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1748015646; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=1GTIi85O8FvSMI864loNx9+vYvHv27red1HJLydr/DU=; b=Agt+GpkHDcTFnXplJh304Xj94dah7LRpRe+snHWYWi2qiOYE9G7UoRZYHAEhr+seQGCuti eYLHJYLpH7qz4ch1sBCYk1A8cGbjfJdMNIDLAAAXKQquNa4F9wN+dfcW/rOPfiNZVk0ePR GnEsKWdmo24y+hzaah8FGvx+V+nbBlx+u1k70RGjjzmPeBkpfgu/gYm1Zo8utH8vQpsOyO POEzpd4jr/ZGzcP3qJCMJhg3lbmRE9XJDcyj6AMay4zuMttE+eOtLG1m7ewnUkI/+ArGZZ sSftju+g3QoJtRizRWCnGiXKUOv6Z3CVl4jJyQH8WlPH1t8vw/jj/Y0/l8RJLA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1748015646; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=1GTIi85O8FvSMI864loNx9+vYvHv27red1HJLydr/DU=; b=DKd36HpdwLQVx+I1dr/pqlXnYOsLvd00kIRSA/t+WR4rHOGncsvckuRN3fM1w+5+4GcMMJ 0Ty0PTtqmkw7YVf07SyVYCPxlcCrNWHz6AWWyqRF3hz+hnvfK78Yn+IfYr2g6TzB3VeM1d G1vaFwelP7AVHpcDFLrFUyhpuvsCGxEz5zpwYn1sLGsSWfmv8PFPQdFqTdCLXrbZZ9+OBf 9XA9INQcoBLQONIFUeqBbQDDpE178dcp37s5/Nzm0SJFeX8JhZyg2UjQ+tgFQJuDsVFwTo Stnu+JxZqLN2FDChjgjC2jz4UhcjZL10JSfxSTchbPSpdbAMOxjYwmAhksZCqw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1748015646; a=rsa-sha256; cv=none; b=hrWPORoz9bYd56LCHVY6pGNvJ6dNxi1K1Kw7qbyGje8riGdUxM5zw/020zzRZxmIxBvOwW RhFJDy/zRbHFsVNcWFnS7GpfDM0XmkZSFTHihWPyvEiTt0lw82yLG64guOVQKjEcVLgDIF /cQZG1NKQFdGEtsZNtXSn8Kv3cu3KZsVQKtLNIee2Qcw7QLH6pQcmSYV/pmmR4eG4RKcF/ pCXp49pIXOsT7Pqq97Gvh7bhFNMdAyyUswSRFTnLSCvZltYPLUnc6FbDUlzHmSflkmY+YM pDRglsP+IHUTmwoQiPfXP26ZmLeD51bx9J+Kc3vKiAgHXeghv2vU1anq1GCdKA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4b3qTV1C51z1BMs for ; Fri, 23 May 2025 15:54:06 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 54NFs6Zo083262 for ; Fri, 23 May 2025 15:54:06 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 54NFs6x1083261 for net@FreeBSD.org; Fri, 23 May 2025 15:54:06 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 281938] Make sure max_len is not 0 before using it as modulo Date: Fri, 23 May 2025 15:54:06 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 15.0-CURRENT X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: tuexen@freebsd.org X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: tuexen@freebsd.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="UTF-8" X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@FreeBSD.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D281938 --- Comment #7 from Michael Tuexen --- (In reply to nakayamakenjiro from comment #0) If we are in the code path you mention, we are in the body of if (len + optlen + ipoptlen > tp->t_maxseg) { flags &=3D ~TH_FIN; if (tso) { /* somewhere here */ } } tso is set by if ((tp->t_flags & TF_TSO) && V_tcp_do_tso && len > tp->t_maxseg && (tp->t_port =3D=3D 0) && ((tp->t_flags & TF_SIGNATURE) =3D=3D 0) && (!sack_rxmit || V_tcp_sack_tso) && (ipoptlen =3D=3D 0 || (ipoptlen =3D=3D ipsec_optlen && (tp->t_flags2 & TF2_IPSEC_TSO) !=3D 0)) && !(flags & TH_SYN)) tso =3D 1; This means that ipoptlen =3D=3D ipsec_optlen in all cases (if ipoptlen =3D= =3D 0, then also ipsec_optlen =3D=3D 0). Therefore tp->t_maxseg >=3D len + optlen + ipo= ptlen holds due to the check in the if condition and finally tp->t_maxseg >=3D le= n + optlen + ipsec_optlen holds, since ipoptlen =3D=3D ipsec_optlen. Therefore max_len =3D tp->t_maxseg - optlen - ipsec_optlen is positive. --=20 You are receiving this mail because: You are on the CC list for the bug.=