| Message ID | 20110426054232.GI5495@secunet.com |
|---|---|
| State | Superseded, archived |
| Delegated to: | David Miller |
| Headers | show |
On Tue, Apr 26, 2011 at 07:42:32AM +0200, Steffen Klassert wrote: > The check if the replay window is contained within one subspace or > spans over two subspaces causes an unwanted integer underrun on > zero sized replay windows when we subtract minus one. We fix this by > changeing this check to avoid the subtraction. > > Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
On Tue, Apr 26, 2011 at 07:42:32AM +0200, Steffen Klassert wrote: > The check if the replay window is contained within one subspace or > spans over two subspaces causes an unwanted integer underrun on > zero sized replay windows when we subtract minus one. We fix this by > changeing this check to avoid the subtraction. > Don't apply this one, it does not fix the issue completely. I'll send a better one, sorry. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
From: Steffen Klassert <steffen.klassert@secunet.com> Date: Tue, 26 Apr 2011 12:58:40 +0200 > On Tue, Apr 26, 2011 at 07:42:32AM +0200, Steffen Klassert wrote: >> The check if the replay window is contained within one subspace or >> spans over two subspaces causes an unwanted integer underrun on >> zero sized replay windows when we subtract minus one. We fix this by >> changeing this check to avoid the subtraction. >> > > Don't apply this one, it does not fix the issue completely. > I'll send a better one, sorry. Ok. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/net/xfrm/xfrm_replay.c b/net/xfrm/xfrm_replay.c index e8a7814..19f94bb 100644 --- a/net/xfrm/xfrm_replay.c +++ b/net/xfrm/xfrm_replay.c @@ -32,7 +32,7 @@ u32 xfrm_replay_seqhi(struct xfrm_state *x, __be32 net_seq) seq_hi = replay_esn->seq_hi; bottom = replay_esn->seq - replay_esn->replay_window + 1; - if (likely(replay_esn->seq >= replay_esn->replay_window - 1)) { + if (likely(replay_esn->seq > replay_esn->replay_window)) { /* A. same subspace */ if (unlikely(seq < bottom)) seq_hi++;
The check if the replay window is contained within one subspace or spans over two subspaces causes an unwanted integer underrun on zero sized replay windows when we subtract minus one. We fix this by changeing this check to avoid the subtraction. Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> --- net/xfrm/xfrm_replay.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-)