Skip to content

Commit

Permalink
esp4: Fix integrity verification when ESN are used
Browse files Browse the repository at this point in the history 
commit 7c7fedd upstream.

When handling inbound packets, the two halves of the sequence number
stored on the skb are already in network order.

Fixes: 7021b2e ("esp4: Switch to new AEAD interface")
Signed-off-by: Tobias Brunner <tobias@strongswan.org>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  • Loading branch information
Tobias Brunner authored and Greg Kroah-Hartman committed Dec 10, 2016
1 parent be53394 commit b3e9d49
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion net/ipv4/esp4.c
View file
Original file line number Diff line number Diff line change
@@ -476,7 +476,7 @@ static int esp_input(struct xfrm_state *x, struct sk_buff *skb)
esph = (void *)skb_push(skb, 4);
*seqhi = esph->spi;
esph->spi = esph->seq_no;
esph->seq_no = htonl(XFRM_SKB_CB(skb)->seq.input.hi);
esph->seq_no = XFRM_SKB_CB(skb)->seq.input.hi;
aead_request_set_callback(req, 0, esp_input_done_esn, skb);
}

0 comments on commit b3e9d49

Please sign in to comment.