diff options
Diffstat (limited to 'net')
| -rw-r--r-- | net/xfrm/xfrm_input.c | 2 | ||||
| -rw-r--r-- | net/xfrm/xfrm_replay.c | 17 |
2 files changed, 16 insertions, 3 deletions
diff --git a/net/xfrm/xfrm_input.c b/net/xfrm/xfrm_input.c index 341cd1189f8a..a026b0ef2443 100644 --- a/net/xfrm/xfrm_input.c +++ b/net/xfrm/xfrm_input.c | |||
| @@ -173,7 +173,7 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type) | |||
| 173 | goto drop_unlock; | 173 | goto drop_unlock; |
| 174 | } | 174 | } |
| 175 | 175 | ||
| 176 | if (x->props.replay_window && x->repl->check(x, skb, seq)) { | 176 | if (x->repl->check(x, skb, seq)) { |
| 177 | XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATESEQERROR); | 177 | XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATESEQERROR); |
| 178 | goto drop_unlock; | 178 | goto drop_unlock; |
| 179 | } | 179 | } |
diff --git a/net/xfrm/xfrm_replay.c b/net/xfrm/xfrm_replay.c index 2f5be5b15740..f218385950ca 100644 --- a/net/xfrm/xfrm_replay.c +++ b/net/xfrm/xfrm_replay.c | |||
| @@ -118,6 +118,9 @@ static int xfrm_replay_check(struct xfrm_state *x, | |||
| 118 | u32 diff; | 118 | u32 diff; |
| 119 | u32 seq = ntohl(net_seq); | 119 | u32 seq = ntohl(net_seq); |
| 120 | 120 | ||
| 121 | if (!x->props.replay_window) | ||
| 122 | return 0; | ||
| 123 | |||
| 121 | if (unlikely(seq == 0)) | 124 | if (unlikely(seq == 0)) |
| 122 | goto err; | 125 | goto err; |
| 123 | 126 | ||
| @@ -193,9 +196,14 @@ static int xfrm_replay_check_bmp(struct xfrm_state *x, | |||
| 193 | { | 196 | { |
| 194 | unsigned int bitnr, nr; | 197 | unsigned int bitnr, nr; |
| 195 | struct xfrm_replay_state_esn *replay_esn = x->replay_esn; | 198 | struct xfrm_replay_state_esn *replay_esn = x->replay_esn; |
| 199 | u32 pos; | ||
| 196 | u32 seq = ntohl(net_seq); | 200 | u32 seq = ntohl(net_seq); |
| 197 | u32 diff = replay_esn->seq - seq; | 201 | u32 diff = replay_esn->seq - seq; |
| 198 | u32 pos = (replay_esn->seq - 1) % replay_esn->replay_window; | 202 | |
| 203 | if (!replay_esn->replay_window) | ||
| 204 | return 0; | ||
| 205 | |||
| 206 | pos = (replay_esn->seq - 1) % replay_esn->replay_window; | ||
| 199 | 207 | ||
| 200 | if (unlikely(seq == 0)) | 208 | if (unlikely(seq == 0)) |
| 201 | goto err; | 209 | goto err; |
| @@ -373,12 +381,17 @@ static int xfrm_replay_check_esn(struct xfrm_state *x, | |||
| 373 | unsigned int bitnr, nr; | 381 | unsigned int bitnr, nr; |
| 374 | u32 diff; | 382 | u32 diff; |
| 375 | struct xfrm_replay_state_esn *replay_esn = x->replay_esn; | 383 | struct xfrm_replay_state_esn *replay_esn = x->replay_esn; |
| 384 | u32 pos; | ||
| 376 | u32 seq = ntohl(net_seq); | 385 | u32 seq = ntohl(net_seq); |
| 377 | u32 pos = (replay_esn->seq - 1) % replay_esn->replay_window; | ||
| 378 | u32 wsize = replay_esn->replay_window; | 386 | u32 wsize = replay_esn->replay_window; |
| 379 | u32 top = replay_esn->seq; | 387 | u32 top = replay_esn->seq; |
| 380 | u32 bottom = top - wsize + 1; | 388 | u32 bottom = top - wsize + 1; |
| 381 | 389 | ||
| 390 | if (!wsize) | ||
| 391 | return 0; | ||
| 392 | |||
| 393 | pos = (replay_esn->seq - 1) % replay_esn->replay_window; | ||
| 394 | |||
| 382 | if (unlikely(seq == 0 && replay_esn->seq_hi == 0 && | 395 | if (unlikely(seq == 0 && replay_esn->seq_hi == 0 && |
| 383 | (replay_esn->seq < replay_esn->replay_window - 1))) | 396 | (replay_esn->seq < replay_esn->replay_window - 1))) |
| 384 | goto err; | 397 | goto err; |