Files
linux-stable-mirror/net
Sven Eckelmann 7af8c1c22e batman-adv: tt: prevent TVLV entry number overflow
commit 99d9958fa1 upstream.

The helpers to prepare the buffers for the local and global TT based
replies are trying to sum up all TT entries which can be found for each
VLAN. In theory, this sum can be too big for an u16 and therefore overflow.
A too small buffer would then be allocated for the TVLV.

The too small buffer will be handled gracefully by
batadv_tt_tvlv_generate() and is not causing a buffer overflow - just a
truncated reply. But this overflow shouldn't have happened in the first and
the too small buffer should never have been allocated when an overflow was
detected.

Cc: stable@kernel.org
Fixes: 7ea7b4a142 ("batman-adv: make the TT CRC logic VLAN specific")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2026-07-04 13:38:37 +02:00
..
2026-06-19 13:21:45 +02:00
2026-06-19 13:21:25 +02:00
2026-06-19 13:21:45 +02:00