Commit e2f67259 authored by Nickolai Zeldovich's avatar Nickolai Zeldovich Committed by Steffen Klassert

net/xfrm/xfrm_replay: avoid division by zero

All of the xfrm_replay->advance functions in xfrm_replay.c check if
x->replay_esn->replay_window is zero (and return if so).  However,
one of them, xfrm_replay_advance_bmp(), divides by that value (in the
'%' operator) before doing the check, which can potentially trigger
a divide-by-zero exception.  Some compilers will also assume that the
earlier division means the value cannot be zero later, and thus will
eliminate the subsequent zero check as dead code.

This patch moves the division to after the check.
Signed-off-by: default avatarNickolai Zeldovich <nickolai@csail.mit.edu>
Signed-off-by: default avatarSteffen Klassert <steffen.klassert@secunet.com>
parent a9403f8a
...@@ -242,11 +242,13 @@ static void xfrm_replay_advance_bmp(struct xfrm_state *x, __be32 net_seq) ...@@ -242,11 +242,13 @@ static void xfrm_replay_advance_bmp(struct xfrm_state *x, __be32 net_seq)
u32 diff; u32 diff;
struct xfrm_replay_state_esn *replay_esn = x->replay_esn; struct xfrm_replay_state_esn *replay_esn = x->replay_esn;
u32 seq = ntohl(net_seq); u32 seq = ntohl(net_seq);
u32 pos = (replay_esn->seq - 1) % replay_esn->replay_window; u32 pos;
if (!replay_esn->replay_window) if (!replay_esn->replay_window)
return; return;
pos = (replay_esn->seq - 1) % replay_esn->replay_window;
if (seq > replay_esn->seq) { if (seq > replay_esn->seq) {
diff = seq - replay_esn->seq; diff = seq - replay_esn->seq;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment