author | Herbert Xu <herbert@gondor.apana.org.au> | 2008-02-13 01:50:35 -0500 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2008-02-13 01:50:35 -0500 |
commit | b318e0e4ef4e85812c25afa19f75addccc834cd4 (patch) | |
tree | 95d51df1aa01978a99e763cd92fd6f7f4647bf20 | |
parent | 45b503548210fe6f23e92b856421c2a3f05fd034 (diff) |
[IPSEC]: Fix bogus usage of u64 on input sequence number
Al Viro spotted a bogus use of u64 on the input sequence number which
is big-endian. This patch fixes it by giving the input sequence number
its own member in the xfrm_skb_cb structure.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | include/net/xfrm.h | 5 | ||||
-rw-r--r-- | net/ipv4/ah4.c | 2 | ||||
-rw-r--r-- | net/ipv4/esp4.c | 5 | ||||
-rw-r--r-- | net/ipv6/ah6.c | 2 | ||||
-rw-r--r-- | net/ipv6/esp6.c | 5 | ||||
-rw-r--r-- | net/xfrm/xfrm_input.c | 4 | ||||
-rw-r--r-- | net/xfrm/xfrm_output.c | 2 |
7 files changed, 15 insertions, 10 deletions
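--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -508,7 +508,10 @@ struct xfrm_skb_cb {
 } header;
 
 /* Sequence number for replay protection. */
-u64 seq;
+union {
+u64 output;
+__be32 input;
+} seq;
 };
 
 #define XFRM_SKB_CB(__skb) ((struct xfrm_skb_cb *)&((__skb)->cb[0]))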
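Review bot: The comment above the new `seq` union in struct xfrm_skb_cb still says only "Sequence number for replay protection" and does not record that the two members differ in byte order and direction. Because `output` and `input` share storage, code that reads the wrong member gets a silently wrong sequence number in the replay-protection path. I would extend the comment to something like `/* Sequence number for replay protection: output is host order (set in xfrm_output_one), input is big-endian; the members alias, so only the one matching the skb's direction is meaningful. */`. The struct begins outside this hunk.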
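--- a/net/ipv4/ah4.c
+++ b/net/ipv4/ah4.c
@@ -96,7 +96,7 @@ static int ah_output(struct xfrm_state *x, struct sk_buff *skb)
 
 ah->reserved = 0;
 ah->spi = x->id.spi;
-ah->seq_no = htonl(XFRM_SKB_CB(skb)->seq);
+ah->seq_no = htonl(XFRM_SKB_CB(skb)->seq.output);
 
 spin_lock_bh(&x->lock);
 err = ah_mac_digest(ahp, skb, ah->auth_data);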
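Review bot: `htonl(XFRM_SKB_CB(skb)->seq.output)` in ah_output() passes a `u64` member to a 32-bit conversion, so the narrowing to the 32-bit wire field is implicit. The value is written from `++x->replay.oseq` in xfrm_output_one(), which is presumably a 32-bit counter given the wrap-to-zero check there, so nothing is lost today, but the truncation is invisible at the call site. An explicit `htonl((u32)XFRM_SKB_CB(skb)->seq.output)` or a one-line comment would make the intent clear. The same applies to the `seq_no` assignments in ah6_output(), esp_output() and esp6_output(). ah_output() starts and ends outside the hunk.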
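--- a/net/ipv4/esp4.c
+++ b/net/ipv4/esp4.c
@@ -199,7 +199,7 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb)
 }
 
 esph->spi = x->id.spi;
-esph->seq_no = htonl(XFRM_SKB_CB(skb)->seq);
+esph->seq_no = htonl(XFRM_SKB_CB(skb)->seq.output);
 
 sg_init_table(sg, nfrags);
 skb_to_sgvec(skb, sg,
@@ -210,7 +210,8 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb)
 aead_givcrypt_set_callback(req, 0, esp_output_done, skb);
 aead_givcrypt_set_crypt(req, sg, sg, clen, iv);
 aead_givcrypt_set_assoc(req, asg, sizeof(*esph));
-aead_givcrypt_set_giv(req, esph->enc_data, XFRM_SKB_CB(skb)->seq);
+aead_givcrypt_set_giv(req, esph->enc_data,
+XFRM_SKB_CB(skb)->seq.output);
 
 ESP_SKB_CB(skb)->tmp = tmp;
 err = crypto_aead_givencrypt(req);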
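--- a/net/ipv6/ah6.c
+++ b/net/ipv6/ah6.c
@@ -283,7 +283,7 @@ static int ah6_output(struct xfrm_state *x, struct sk_buff *skb)
 
 ah->reserved = 0;
 ah->spi = x->id.spi;
-ah->seq_no = htonl(XFRM_SKB_CB(skb)->seq);
+ah->seq_no = htonl(XFRM_SKB_CB(skb)->seq.output);
 
 spin_lock_bh(&x->lock);
 err = ah_mac_digest(ahp, skb, ah->auth_data);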
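--- a/net/ipv6/esp6.c
+++ b/net/ipv6/esp6.c
@@ -188,7 +188,7 @@ static int esp6_output(struct xfrm_state *x, struct sk_buff *skb)
 *skb_mac_header(skb) = IPPROTO_ESP;
 
 esph->spi = x->id.spi;
-esph->seq_no = htonl(XFRM_SKB_CB(skb)->seq);
+esph->seq_no = htonl(XFRM_SKB_CB(skb)->seq.output);
 
 sg_init_table(sg, nfrags);
 skb_to_sgvec(skb, sg,
@@ -199,7 +199,8 @@ static int esp6_output(struct xfrm_state *x, struct sk_buff *skb)
 aead_givcrypt_set_callback(req, 0, esp_output_done, skb);
 aead_givcrypt_set_crypt(req, sg, sg, clen, iv);
 aead_givcrypt_set_assoc(req, asg, sizeof(*esph));
-aead_givcrypt_set_giv(req, esph->enc_data, XFRM_SKB_CB(skb)->seq);
+aead_givcrypt_set_giv(req, esph->enc_data,
+XFRM_SKB_CB(skb)->seq.output);
 
 ESP_SKB_CB(skb)->tmp = tmp;
 err = crypto_aead_givencrypt(req);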
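--- a/net/xfrm/xfrm_input.c
+++ b/net/xfrm/xfrm_input.c
@@ -109,7 +109,7 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type)
 if (encap_type < 0) {
 async = 1;
 x = xfrm_input_state(skb);
-seq = XFRM_SKB_CB(skb)->seq;
+seq = XFRM_SKB_CB(skb)->seq.input;
 goto resume;
 }
 
@@ -175,7 +175,7 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type)
 
 spin_unlock(&x->lock);
 
-XFRM_SKB_CB(skb)->seq = seq;
+XFRM_SKB_CB(skb)->seq.input = seq;
 
 nexthdr = x->type->input(x, skb);
 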
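Review bot: The async resume branch (`encap_type < 0`) reloads `seq` from `XFRM_SKB_CB(skb)->seq.input`, which is only correct if nothing writes the aliased `seq.output` or otherwise reuses `skb->cb` between the store before `x->type->input()` and the resume. A short comment at the store, e.g. `/* saved for the async resume path; aliases seq.output */`, would record that dependency for anyone touching the control block later. The declaration of the local `seq` is outside both hunks; it should be `__be32` so that sparse checks the load and the store.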
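--- a/net/xfrm/xfrm_output.c
+++ b/net/xfrm/xfrm_output.c
@@ -62,7 +62,7 @@ static int xfrm_output_one(struct sk_buff *skb, int err)
 }
 
 if (x->type->flags & XFRM_TYPE_REPLAY_PROT) {
-XFRM_SKB_CB(skb)->seq = ++x->replay.oseq;
+XFRM_SKB_CB(skb)->seq.output = ++x->replay.oseq;
 if (unlikely(x->replay.oseq == 0)) {
 XFRM_INC_STATS(LINUX_MIB_XFRMOUTSTATESEQERROR);
 x->replay.oseq--;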
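Review bot: In xfrm_output_one() the control block is written with `++x->replay.oseq` before the wrap check on the following line, so on overflow the skb carries `seq.output == 0` while the counter itself is rolled back. That is harmless only if the error path, which lies outside the hunk, never lets the packet reach the type output handlers that put this value on the wire. Assigning `XFRM_SKB_CB(skb)->seq.output = x->replay.oseq;` after the overflow check would make the stored value independent of how the error path is written.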