Commit b318e0e4ef4e85812c25afa19f75addccc834cd4
Committed by
David S. Miller
David S. Miller
1 parent
45b5035482
Exists in
master
and in
39 other branches
[IPSEC]: Fix bogus usage of u64 on input sequence number
Al Viro spotted a bogus use of u64 on the input sequence number which is big-endian. This patch fixes it by giving the input sequence number its own member in the xfrm_skb_cb structure. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
Showing 7 changed files with 15 additions and 10 deletions Side-by-side Diff
include/net/xfrm.h
net/ipv4/ah4.c
net/ipv4/esp4.c
| ... | ... | @@ -199,7 +199,7 @@ |
| 199 | 199 | } |
| 200 | 200 | |
| 201 | 201 | esph->spi = x->id.spi; |
| 202 | - esph->seq_no = htonl(XFRM_SKB_CB(skb)->seq); | |
| 202 | + esph->seq_no = htonl(XFRM_SKB_CB(skb)->seq.output); | |
| 203 | 203 | |
| 204 | 204 | sg_init_table(sg, nfrags); |
| 205 | 205 | skb_to_sgvec(skb, sg, |
| ... | ... | @@ -210,7 +210,8 @@ |
| 210 | 210 | aead_givcrypt_set_callback(req, 0, esp_output_done, skb); |
| 211 | 211 | aead_givcrypt_set_crypt(req, sg, sg, clen, iv); |
| 212 | 212 | aead_givcrypt_set_assoc(req, asg, sizeof(*esph)); |
| 213 | - aead_givcrypt_set_giv(req, esph->enc_data, XFRM_SKB_CB(skb)->seq); | |
| 213 | + aead_givcrypt_set_giv(req, esph->enc_data, | |
| 214 | + XFRM_SKB_CB(skb)->seq.output); | |
| 214 | 215 | |
| 215 | 216 | ESP_SKB_CB(skb)->tmp = tmp; |
| 216 | 217 | err = crypto_aead_givencrypt(req); |
net/ipv6/ah6.c
net/ipv6/esp6.c
| ... | ... | @@ -188,7 +188,7 @@ |
| 188 | 188 | *skb_mac_header(skb) = IPPROTO_ESP; |
| 189 | 189 | |
| 190 | 190 | esph->spi = x->id.spi; |
| 191 | - esph->seq_no = htonl(XFRM_SKB_CB(skb)->seq); | |
| 191 | + esph->seq_no = htonl(XFRM_SKB_CB(skb)->seq.output); | |
| 192 | 192 | |
| 193 | 193 | sg_init_table(sg, nfrags); |
| 194 | 194 | skb_to_sgvec(skb, sg, |
| ... | ... | @@ -199,7 +199,8 @@ |
| 199 | 199 | aead_givcrypt_set_callback(req, 0, esp_output_done, skb); |
| 200 | 200 | aead_givcrypt_set_crypt(req, sg, sg, clen, iv); |
| 201 | 201 | aead_givcrypt_set_assoc(req, asg, sizeof(*esph)); |
| 202 | - aead_givcrypt_set_giv(req, esph->enc_data, XFRM_SKB_CB(skb)->seq); | |
| 202 | + aead_givcrypt_set_giv(req, esph->enc_data, | |
| 203 | + XFRM_SKB_CB(skb)->seq.output); | |
| 203 | 204 | |
| 204 | 205 | ESP_SKB_CB(skb)->tmp = tmp; |
| 205 | 206 | err = crypto_aead_givencrypt(req); |
net/xfrm/xfrm_input.c
| ... | ... | @@ -109,7 +109,7 @@ |
| 109 | 109 | if (encap_type < 0) { |
| 110 | 110 | async = 1; |
| 111 | 111 | x = xfrm_input_state(skb); |
| 112 | - seq = XFRM_SKB_CB(skb)->seq; | |
| 112 | + seq = XFRM_SKB_CB(skb)->seq.input; | |
| 113 | 113 | goto resume; |
| 114 | 114 | } |
| 115 | 115 | |
| ... | ... | @@ -175,7 +175,7 @@ |
| 175 | 175 | |
| 176 | 176 | spin_unlock(&x->lock); |
| 177 | 177 | |
| 178 | - XFRM_SKB_CB(skb)->seq = seq; | |
| 178 | + XFRM_SKB_CB(skb)->seq.input = seq; | |
| 179 | 179 | |
| 180 | 180 | nexthdr = x->type->input(x, skb); |
| 181 | 181 |
net/xfrm/xfrm_output.c
| ... | ... | @@ -62,7 +62,7 @@ |
| 62 | 62 | } |
| 63 | 63 | |
| 64 | 64 | if (x->type->flags & XFRM_TYPE_REPLAY_PROT) { |
| 65 | - XFRM_SKB_CB(skb)->seq = ++x->replay.oseq; | |
| 65 | + XFRM_SKB_CB(skb)->seq.output = ++x->replay.oseq; | |
| 66 | 66 | if (unlikely(x->replay.oseq == 0)) { |
| 67 | 67 | XFRM_INC_STATS(LINUX_MIB_XFRMOUTSTATESEQERROR); |
| 68 | 68 | x->replay.oseq--; |