l2tpv3: fix cookie decoding

Message ID CAG0+Huhm-rwDJ_6+bThsVMDWLK2QxgvsmHinJYXXTTDkBCFmNA@mail.gmail.com
State New

Commit Message

Alexis D...t Dec. 31, 2015, 2:34 p.m. UTC
If a 32-bit l2tpv3 frame cookie MSB is set to 1, the cast to uint64_t
cookie will spread 1 to the four most significant bytes.
Then the condition (cookie != s->rx_cookie) becomes false.

Signed-off-by: Alexis Dambricourt <alexis.dambricourt@gmail.com>
---
 net/l2tpv3.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

             if (!s->header_mismatch) {
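
The sign extension described in the commit message, as an added C example that is not code from the patch or from QEMU. `load_be32` is a hypothetical stand-in for a big-endian load that returns a signed `int`, the sample cookies are constructed, and `rx_cookie` is assumed to hold the configured 32-bit value zero-extended.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample cookies as they would appear on the wire (big-endian). */
static const uint8_t COOKIE_MSB_SET[4]   = { 0x80, 0x00, 0x00, 0x01 };
static const uint8_t COOKIE_MSB_CLEAR[4] = { 0x12, 0x34, 0x56, 0x78 };

/* Hypothetical stand-in: big-endian 32-bit load returning a signed int.
 * The unsigned-to-int conversion wraps on gcc and clang. */
static int load_be32(const uint8_t *p)
{
    uint32_t v = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
                 ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
    return (int)v;
}

/* Unmasked: a negative int is sign-extended when widened to uint64_t. */
static uint64_t decode_cookie_unmasked(const uint8_t *p)
{
    uint64_t cookie = load_be32(p);
    return cookie;
}

/* Masked: the int is widened first, then the upper 32 bits are cleared. */
static uint64_t decode_cookie_masked(const uint8_t *p)
{
    uint64_t cookie = load_be32(p) & 0xffffffffULL;
    return cookie;
}

/* Returns 1 when the decoded cookie equals the configured one
 * (assumed stored zero-extended in a uint64_t). */
static int cookie_matches(uint64_t decoded, uint64_t rx_cookie)
{
    return decoded == rx_cookie;
}

int main(void)
{
    uint64_t rx_cookie = 0x80000001ULL; /* constructed configured value */
    uint64_t bad  = decode_cookie_unmasked(COOKIE_MSB_SET);
    uint64_t good = decode_cookie_masked(COOKIE_MSB_SET);

    printf("unmasked: 0x%016" PRIx64 " match=%d\n", bad,
           cookie_matches(bad, rx_cookie));
    printf("masked:   0x%016" PRIx64 " match=%d\n", good,
           cookie_matches(good, rx_cookie));
    return 0;
}
```

A cookie whose top bit is clear decodes identically on both paths, which is why the problem only shows up for some configured cookie values.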

Comments

Jason Wang Jan. 4, 2016, 7:40 a.m. UTC | #1
On 12/31/2015 10:34 PM, Alexis D...t wrote:
> If a 32-bit l2tpv3 frame cookie MSB is set to 1, the cast to uint64_t
> cookie will spread 1 to the four most significant bytes.
> Then the condition (cookie != s->rx_cookie) becomes false.
>
> Signed-off-by: Alexis Dambricourt <alexis.dambricourt@gmail.com>
> ---
>  net/l2tpv3.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/net/l2tpv3.c b/net/l2tpv3.c
> index 8e68e54..21d6119 100644
> --- a/net/l2tpv3.c
> +++ b/net/l2tpv3.c
> @@ -325,7 +325,7 @@ static int l2tpv3_verify_header(NetL2TPV3State *s,
> uint8_t *buf)
>          if (s->cookie_is_64) {
>              cookie = ldq_be_p(buf + s->cookie_offset);
>          } else {
> -            cookie = ldl_be_p(buf + s->cookie_offset);
> +            cookie = ldl_be_p(buf + s->cookie_offset) & 0xffffffffULL;
>          }
>          if (cookie != s->rx_cookie) {
>              if (!s->header_mismatch) {
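
Review bot: the `& 0xffffffffULL` mask on the added `ldl_be_p()` line carries no comment saying why it is needed, so a later cleanup could drop it as redundant. A one-line comment that the 32-bit load is sign-extended when assigned to the 64-bit `cookie`, or an explicit `(uint32_t)` cast in place of the mask, would keep the intent visible. The commit message also says `(cookie != s->rx_cookie)` becomes false, whereas a cookie with its upper four bytes set to 1 would make that inequality true against a 32-bit expected value, so the wording is worth checking before this is applied.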

Hi:

Patch looks good. But it fails to be applied cleanly:

Applying: l2tpv3: fix cookie decoding
fatal: corrupt patch at line 10
Patch failed at 0001 l2tpv3: fix cookie decoding

It's suggested to use git-format-patch(1) and git-send-email(1) to
format and send patches.
Patch

diff --git a/net/l2tpv3.c b/net/l2tpv3.c
index 8e68e54..21d6119 100644
--- a/net/l2tpv3.c
+++ b/net/l2tpv3.c
@@ -325,7 +325,7 @@  static int l2tpv3_verify_header(NetL2TPV3State *s,
uint8_t *buf)
         if (s->cookie_is_64) {
             cookie = ldq_be_p(buf + s->cookie_offset);
         } else {
-            cookie = ldl_be_p(buf + s->cookie_offset);
+            cookie = ldl_be_p(buf + s->cookie_offset) & 0xffffffffULL;
         }
         if (cookie != s->rx_cookie) {
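
Review bot: the `@@ -325,7 +325,7 @@` hunk header is split across two lines, leaving `uint8_t *buf)` on a line of its own with no leading space, `+` or `-`, which is not a valid hunk line. That looks like mail-client line wrapping; resending with wrapping disabled, or through git-send-email(1), would keep the header on one line and the context lines intact.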