tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

xfrm: Move the test on replay window size into the replay check functions

As it is, the replay check is just performed if the replay window of the
legacy implementation is nonzero. So we move the test on a nonzero replay
window inside the replay check functions to be sure we are testing for the
right implementation.

Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>

authored by Steffen Klassert and committed by David S. Miller 36ae0148 72f49050

+16 -3
unified split
+1 -1
net/xfrm/xfrm_input.c
··· 173 173 goto drop_unlock; 174 174 } 175 175 176 - if (x->props.replay_window && x->repl->check(x, skb, seq)) { 176 + if (x->repl->check(x, skb, seq)) { 177 177 XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATESEQERROR); 178 178 goto drop_unlock; 179 179 }
+15 -2
net/xfrm/xfrm_replay.c
··· 118 118 u32 diff; 119 119 u32 seq = ntohl(net_seq); 120 120 121 + if (!x->props.replay_window) 122 + return 0; 123 + 121 124 if (unlikely(seq == 0)) 122 125 goto err; 123 126 ··· 196 193 { 197 194 unsigned int bitnr, nr; 198 195 struct xfrm_replay_state_esn *replay_esn = x->replay_esn; 196 + u32 pos; 199 197 u32 seq = ntohl(net_seq); 200 198 u32 diff = replay_esn->seq - seq; 201 - u32 pos = (replay_esn->seq - 1) % replay_esn->replay_window; 199 + 200 + if (!replay_esn->replay_window) 201 + return 0; 202 + 203 + pos = (replay_esn->seq - 1) % replay_esn->replay_window; 202 204 203 205 if (unlikely(seq == 0)) 204 206 goto err; ··· 381 373 unsigned int bitnr, nr; 382 374 u32 diff; 383 375 struct xfrm_replay_state_esn *replay_esn = x->replay_esn; 376 + u32 pos; 384 377 u32 seq = ntohl(net_seq); 385 - u32 pos = (replay_esn->seq - 1) % replay_esn->replay_window; 386 378 u32 wsize = replay_esn->replay_window; 387 379 u32 top = replay_esn->seq; 388 380 u32 bottom = top - wsize + 1; 381 + 382 + if (!wsize) 383 + return 0; 384 + 385 + pos = (replay_esn->seq - 1) % replay_esn->replay_window; 389 386 390 387 if (unlikely(seq == 0 && replay_esn->seq_hi == 0 && 391 388 (replay_esn->seq < replay_esn->replay_window - 1)))