2 files changed, 10 insertions, 2 deletions

diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index b203e14d26b7..4de7ed9016d9 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -827,6 +827,14 @@ static inline bool addr_match(const void *token1, const void *token2,
         return true;
 }
 
+static inline bool addr4_match(__be32 a1, __be32 a2, u8 prefixlen)
+{
+        /* C99 6.5.7 (3): u32 << 32 is undefined behaviour */
+        if (prefixlen == 0)
+                return true;
+        return !((a1 ^ a2) & htonl(0xFFFFFFFFu << (32 - prefixlen)));
+}
+
 static __inline__
 __be16 xfrm_flowi_sport(const struct flowi *fl, const union flowi_uli *uli)
 {
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index 552df27dcf53..593c8a1f1440 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -61,8 +61,8 @@ __xfrm4_selector_match(const struct xfrm_selector *sel, const struct flowi *fl)
 {
         const struct flowi4 *fl4 = &fl->u.ip4;
 
-        return  addr_match(&fl4->daddr, &sel->daddr, sel->prefixlen_d) &&
-                addr_match(&fl4->saddr, &sel->saddr, sel->prefixlen_s) &&
+        return  addr4_match(fl4->daddr, sel->daddr.a4, sel->prefixlen_d) &&
+                addr4_match(fl4->saddr, sel->saddr.a4, sel->prefixlen_s) &&
                 !((xfrm_flowi_dport(fl, &fl4->uli) ^ sel->dport) & sel->dport_mask) &&
                 !((xfrm_flowi_sport(fl, &fl4->uli) ^ sel->sport) & sel->sport_mask) &&
                 (fl4->flowi4_proto == sel->proto || !sel->proto) &&