diff options
| author | Gerrit Renker <gerrit@erg.abdn.ac.uk> | 2007-10-04 17:43:09 -0400 |
|---|---|---|
| committer | David S. Miller <davem@sunset.davemloft.net> | 2007-10-10 19:54:35 -0400 |
| commit | 5e28599a6e45eb8ce7e50510b06c3a34ebf1a8fa (patch) | |
| tree | ff6a34c677f1c16a5fd0921f75fbe58a1568ca6e | |
| parent | 6c583248083c30c5305ec561e79f666ca465b376 (diff) | |
[CCID2]: Sequence number wraparound issues
This replaces several uses of standard arithmetic with the DCCP
sequence number arithmetic functions. The problem here is that the
sequence number wrap-around was not taken into consideration.
* Condition "seqp->ccid2s_seq <= prev->ccid2s_seq" has been replaced
by
dccp_delta_seqno(seqp->ccid2s_seq, prev->ccid2s_seq) >= 0
since if seqp is `before' prev, then the delta_seqno() is positive.
* The test whether sequence numbers `a' and `b' are consecutive has
the form
dccp_delta_seqno(a, b) == 1
* Increment of ccid2hctx_rpseq could be done using dccp_inc_seqno(),
but since here the incremented ccid2hctx_rpseq == seqno, used
assignment instead.
Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk>
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
| -rw-r--r-- | net/dccp/ccids/ccid2.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/net/dccp/ccids/ccid2.c b/net/dccp/ccids/ccid2.c index 1dff4188f3f5..426008e3b7e3 100644 --- a/net/dccp/ccids/ccid2.c +++ b/net/dccp/ccids/ccid2.c | |||
| @@ -59,7 +59,8 @@ static void ccid2_hc_tx_check_sanity(const struct ccid2_hc_tx_sock *hctx) | |||
| 59 | pipe++; | 59 | pipe++; |
| 60 | 60 | ||
| 61 | /* packets are sent sequentially */ | 61 | /* packets are sent sequentially */ |
| 62 | BUG_ON(seqp->ccid2s_seq <= prev->ccid2s_seq); | 62 | BUG_ON(dccp_delta_seqno(seqp->ccid2s_seq, |
| 63 | prev->ccid2s_seq ) >= 0); | ||
| 63 | BUG_ON(time_before(seqp->ccid2s_sent, | 64 | BUG_ON(time_before(seqp->ccid2s_sent, |
| 64 | prev->ccid2s_sent)); | 65 | prev->ccid2s_sent)); |
| 65 | 66 | ||
| @@ -562,8 +563,8 @@ static void ccid2_hc_tx_packet_recv(struct sock *sk, struct sk_buff *skb) | |||
| 562 | hctx->ccid2hctx_rpseq = seqno; | 563 | hctx->ccid2hctx_rpseq = seqno; |
| 563 | } else { | 564 | } else { |
| 564 | /* check if packet is consecutive */ | 565 | /* check if packet is consecutive */ |
| 565 | if ((hctx->ccid2hctx_rpseq + 1) == seqno) | 566 | if (dccp_delta_seqno(hctx->ccid2hctx_rpseq, seqno) == 1) |
| 566 | hctx->ccid2hctx_rpseq++; | 567 | hctx->ccid2hctx_rpseq = seqno; |
| 567 | /* it's a later packet */ | 568 | /* it's a later packet */ |
| 568 | else if (after48(seqno, hctx->ccid2hctx_rpseq)) { | 569 | else if (after48(seqno, hctx->ccid2hctx_rpseq)) { |
| 569 | hctx->ccid2hctx_rpdupack++; | 570 | hctx->ccid2hctx_rpdupack++; |