From 30a553ef8071d60896eaebdea8b85b3b4e4efdab Mon Sep 17 00:00:00 2001
From: Tim Schumacher <timschumi@gmx.de>
Date: Tue, 13 Dec 2022 12:39:52 +0100
Subject: [PATCH] Kernel: Check against TCP packet size overflows in checksum
 calculation

---
 Kernel/Net/TCPSocket.cpp | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/Kernel/Net/TCPSocket.cpp b/Kernel/Net/TCPSocket.cpp
index d94a8976ae..b053d61bd4 100644
--- a/Kernel/Net/TCPSocket.cpp
+++ b/Kernel/Net/TCPSocket.cpp
@@ -372,7 +372,11 @@ NetworkOrdered<u16> TCPSocket::compute_tcp_checksum(IPv4Address const& source, I
     };
     static_assert(sizeof(PseudoHeader) == 12);
 
-    PseudoHeader pseudo_header { .header = { source, destination, 0, (u8)IPv4Protocol::TCP, packet.header_size() + payload_size } };
+    Checked<u16> packet_size = packet.header_size();
+    packet_size += payload_size;
+    VERIFY(!packet_size.has_overflow());
+
+    PseudoHeader pseudo_header { .header = { source, destination, 0, (u8)IPv4Protocol::TCP, packet_size.value() } };
 
     u32 checksum = 0;
     auto* raw_pseudo_header = pseudo_header.raw;