aboutsummaryrefslogtreecommitdiffstats
path: root/net/xfrm
diff options
context:
space:
mode:
authorSteffen Klassert <steffen.klassert@secunet.com>2011-06-05 16:46:03 -0400
committerDavid S. Miller <davem@davemloft.net>2011-06-08 00:14:39 -0400
commite756682c8baa47da1648c0c016e9f48ed66bc32d (patch)
treee226eebfbdb826f79607751f719ebaaaf810b229 /net/xfrm
parent665c8c8ee405738375b679246b49342ce38ba056 (diff)
xfrm: Fix off by one in the replay advance functions
We may write 4 byte too much when we reinitialize the anti replay window in the replay advance functions. This patch fixes this by adjusting the last index of the initialization loop. Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/xfrm')
-rw-r--r--net/xfrm/xfrm_replay.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/net/xfrm/xfrm_replay.c b/net/xfrm/xfrm_replay.c
index 47f1b8638df9..b11ea692bd7d 100644
--- a/net/xfrm/xfrm_replay.c
+++ b/net/xfrm/xfrm_replay.c
@@ -265,7 +265,7 @@ static void xfrm_replay_advance_bmp(struct xfrm_state *x, __be32 net_seq)
265 bitnr = bitnr & 0x1F; 265 bitnr = bitnr & 0x1F;
266 replay_esn->bmp[nr] |= (1U << bitnr); 266 replay_esn->bmp[nr] |= (1U << bitnr);
267 } else { 267 } else {
268 nr = replay_esn->replay_window >> 5; 268 nr = (replay_esn->replay_window - 1) >> 5;
269 for (i = 0; i <= nr; i++) 269 for (i = 0; i <= nr; i++)
270 replay_esn->bmp[i] = 0; 270 replay_esn->bmp[i] = 0;
271 271
@@ -471,7 +471,7 @@ static void xfrm_replay_advance_esn(struct xfrm_state *x, __be32 net_seq)
471 bitnr = bitnr & 0x1F; 471 bitnr = bitnr & 0x1F;
472 replay_esn->bmp[nr] |= (1U << bitnr); 472 replay_esn->bmp[nr] |= (1U << bitnr);
473 } else { 473 } else {
474 nr = replay_esn->replay_window >> 5; 474 nr = (replay_esn->replay_window - 1) >> 5;
475 for (i = 0; i <= nr; i++) 475 for (i = 0; i <= nr; i++)
476 replay_esn->bmp[i] = 0; 476 replay_esn->bmp[i] = 0;
477 477