From: Dan Carpenter <dan.carpenter@oracle.com>
Date: Thu, 17 Jul 2014 10:50:45 +0000 (+0300)
Subject: wan/x25_asy: integer overflow in x25_asy_change_mtu()
X-Git-Tag: omap-for-v3.17/fixes-against-rc2~244^2~7
X-Git-Url: http://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a28d0e873d2899bd750ae495f84fe9c1a2f53809;p=pandora-kernel.git

wan/x25_asy: integer overflow in x25_asy_change_mtu()

If "newmtu * 2 + 4" is too large then it can cause an integer overflow
leading to memory corruption.  Eric Dumazet suggests that 65534 is a
reasonable upper limit.

Btw, "newmtu" is not allowed to be a negative number because of the
check in dev_set_mtu(), so that's ok.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---

Reading git-diff-tree failed