2 files changed, 16 insertions, 3 deletions
diff --git a/net/xfrm/xfrm_input.c b/net/xfrm/xfrm_input.c
index 341cd1189f8a..a026b0ef2443 100644
--- a/net/xfrm/xfrm_input.c
+++ b/net/xfrm/xfrm_input.c
@@ -173,7 +173,7 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type)
                        goto drop_unlock;
                }
-                if (x->props.replay_window && x->repl->check(x, skb, seq)) {
+                if (x->repl->check(x, skb, seq)) {
                        XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATESEQERROR);
                        goto drop_unlock;
                }
diff --git a/net/xfrm/xfrm_replay.c b/net/xfrm/xfrm_replay.c
index 2f5be5b15740..f218385950ca 100644
--- a/net/xfrm/xfrm_replay.c
+++ b/net/xfrm/xfrm_replay.c
@@ -118,6 +118,9 @@ static int xfrm_replay_check(struct xfrm_state *x,
        u32 diff;
        u32 seq = ntohl(net_seq);
+        if (!x->props.replay_window)
+                return 0;
        if (unlikely(seq == 0))
                goto err;
@@ -193,9 +196,14 @@ static int xfrm_replay_check_bmp(struct xfrm_state *x,
 {
        unsigned int bitnr, nr;
        struct xfrm_replay_state_esn *replay_esn = x->replay_esn;
+        u32 pos;
        u32 seq = ntohl(net_seq);
        u32 diff =  replay_esn->seq - seq;
-        u32 pos = (replay_esn->seq - 1) % replay_esn->replay_window;
+        if (!replay_esn->replay_window)
+                return 0;
+        pos = (replay_esn->seq - 1) % replay_esn->replay_window;
        if (unlikely(seq == 0))
                goto err;
@@ -373,12 +381,17 @@ static int xfrm_replay_check_esn(struct xfrm_state *x,
        unsigned int bitnr, nr;
        u32 diff;
        struct xfrm_replay_state_esn *replay_esn = x->replay_esn;
+        u32 pos;
        u32 seq = ntohl(net_seq);
-        u32 pos = (replay_esn->seq - 1) % replay_esn->replay_window;
        u32 wsize = replay_esn->replay_window;
        u32 top = replay_esn->seq;
        u32 bottom = top - wsize + 1;
+        if (!wsize)
+                return 0;
+        pos = (replay_esn->seq - 1) % replay_esn->replay_window;
        if (unlikely(seq == 0 && replay_esn->seq_hi == 0 &&
                     (replay_esn->seq < replay_esn->replay_window - 1)))
                goto err;

diff --git a/net/xfrm/xfrm_input.c b/net/xfrm/xfrm_input.c index 341cd1189f8a..a026b0ef2443 100644 --- a/net/xfrm/xfrm_input.c +++ b/net/xfrm/xfrm_input.c
@@ -173,7 +173,7 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type)
173	goto drop_unlock;	173	goto drop_unlock;
174	}	174	}
175		175
176	if (x->props.replay_window && x->repl->check(x, skb, seq)) {	176	if (x->repl->check(x, skb, seq)) {
177	XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATESEQERROR);	177	XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATESEQERROR);
178	goto drop_unlock;	178	goto drop_unlock;
179	}	179	}


diff --git a/net/xfrm/xfrm_replay.c b/net/xfrm/xfrm_replay.c index 2f5be5b15740..f218385950ca 100644 --- a/net/xfrm/xfrm_replay.c +++ b/net/xfrm/xfrm_replay.c
@@ -118,6 +118,9 @@ static int xfrm_replay_check(struct xfrm_state *x,
118	u32 diff;	118	u32 diff;
119	u32 seq = ntohl(net_seq);	119	u32 seq = ntohl(net_seq);
120		120
		121	if (!x->props.replay_window)
		122	return 0;
		123
121	if (unlikely(seq == 0))	124	if (unlikely(seq == 0))
122	goto err;	125	goto err;
123		126
@@ -193,9 +196,14 @@ static int xfrm_replay_check_bmp(struct xfrm_state *x,
193	{	196	{
194	unsigned int bitnr, nr;	197	unsigned int bitnr, nr;
195	struct xfrm_replay_state_esn *replay_esn = x->replay_esn;	198	struct xfrm_replay_state_esn *replay_esn = x->replay_esn;
		199	u32 pos;
196	u32 seq = ntohl(net_seq);	200	u32 seq = ntohl(net_seq);
197	u32 diff = replay_esn->seq - seq;	201	u32 diff = replay_esn->seq - seq;
198	u32 pos = (replay_esn->seq - 1) % replay_esn->replay_window;	202
		203	if (!replay_esn->replay_window)
		204	return 0;
		205
		206	pos = (replay_esn->seq - 1) % replay_esn->replay_window;
199		207
200	if (unlikely(seq == 0))	208	if (unlikely(seq == 0))
201	goto err;	209	goto err;
@@ -373,12 +381,17 @@ static int xfrm_replay_check_esn(struct xfrm_state *x,
373	unsigned int bitnr, nr;	381	unsigned int bitnr, nr;
374	u32 diff;	382	u32 diff;
375	struct xfrm_replay_state_esn *replay_esn = x->replay_esn;	383	struct xfrm_replay_state_esn *replay_esn = x->replay_esn;
		384	u32 pos;
376	u32 seq = ntohl(net_seq);	385	u32 seq = ntohl(net_seq);
377	u32 pos = (replay_esn->seq - 1) % replay_esn->replay_window;
378	u32 wsize = replay_esn->replay_window;	386	u32 wsize = replay_esn->replay_window;
379	u32 top = replay_esn->seq;	387	u32 top = replay_esn->seq;
380	u32 bottom = top - wsize + 1;	388	u32 bottom = top - wsize + 1;
381		389
		390	if (!wsize)
		391	return 0;
		392
		393	pos = (replay_esn->seq - 1) % replay_esn->replay_window;
		394
382	if (unlikely(seq == 0 && replay_esn->seq_hi == 0 &&	395	if (unlikely(seq == 0 && replay_esn->seq_hi == 0 &&
383	(replay_esn->seq < replay_esn->replay_window - 1)))	396	(replay_esn->seq < replay_esn->replay_window - 1)))
384	goto err;	397	goto err;