Skip to content

Commit

Permalink
xfrm: Fix off by one in the replay advance functions
Browse files Browse the repository at this point in the history 
We may write 4 byte too much when we reinitialize the anti replay
window in the replay advance functions. This patch fixes this by
adjusting the last index of the initialization loop.

Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
  • Loading branch information
Steffen Klassert authored and David S. Miller committed Jun 8, 2011
1 parent 665c8c8 commit e756682
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions net/xfrm/xfrm_replay.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -265,7 +265,7 @@ static void xfrm_replay_advance_bmp(struct xfrm_state *x, __be32 net_seq)
bitnr = bitnr & 0x1F;
replay_esn->bmp[nr] |= (1U << bitnr);
} else {
nr = replay_esn->replay_window >> 5;
nr = (replay_esn->replay_window - 1) >> 5;
for (i = 0; i <= nr; i++)
replay_esn->bmp[i] = 0;

Expand Down Expand Up @@ -471,7 +471,7 @@ static void xfrm_replay_advance_esn(struct xfrm_state *x, __be32 net_seq)
bitnr = bitnr & 0x1F;
replay_esn->bmp[nr] |= (1U << bitnr);
} else {
nr = replay_esn->replay_window >> 5;
nr = (replay_esn->replay_window - 1) >> 5;
for (i = 0; i <= nr; i++)
replay_esn->bmp[i] = 0;

Expand Down

0 comments on commit e756682

Please sign in to comment.