Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 5e708e47 authored by Alexey Dobriyan's avatar Alexey Dobriyan Committed by Steffen Klassert
Browse files

xfrm: make xfrm_replay_state_esn_len() return unsigned int 



Replay detection bitmaps can't have negative length.

Comparisons with nla_len() are left signed just in case negative value
can sneak in there.

Propagate unsignedness for code size savings:

	add/remove: 0/0 grow/shrink: 0/5 up/down: 0/-38 (-38)
	function                                     old     new   delta
	xfrm_state_construct                        1802    1800      -2
	xfrm_update_ae_params                        295     289      -6
	xfrm_state_migrate                          1345    1339      -6
	xfrm_replay_notify_esn                       349     337     -12
	xfrm_replay_notify_bmp                       345     333     -12

Signed-off-by: default avatarAlexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: default avatarSteffen Klassert <steffen.klassert@secunet.com>
parent 1bd963a7

include/net/xfrm.h

+1 −1
Original line number Diff line number Diff line
@@ -1779,7 +1779,7 @@ static inline unsigned int xfrm_alg_auth_len(const struct xfrm_algo_auth *alg) 
	return sizeof(*alg) + ((alg->alg_key_len + 7) / 8);

}



static inline int xfrm_replay_state_esn_len(struct xfrm_replay_state_esn *replay_esn)

static inline unsigned int xfrm_replay_state_esn_len(struct xfrm_replay_state_esn *replay_esn)

{

	return sizeof(*replay_esn) + replay_esn->bmp_len * sizeof(__u32);

}

net/xfrm/xfrm_user.c

+5 −5
Original line number Diff line number Diff line
@@ -130,7 +130,7 @@ static inline int verify_replay(struct xfrm_usersa_info *p, 
		if (rs->bmp_len > XFRMA_REPLAY_ESN_MAX / sizeof(rs->bmp[0]) / 8)

			return -EINVAL;



		if (nla_len(rt) < xfrm_replay_state_esn_len(rs) &&

		if (nla_len(rt) < (int)xfrm_replay_state_esn_len(rs) &&

		    nla_len(rt) != sizeof(*rs))

			return -EINVAL;

	}
@@ -404,7 +404,7 @@ static inline int xfrm_replay_verify_len(struct xfrm_replay_state_esn *replay_es 
					 struct nlattr *rp)

{

	struct xfrm_replay_state_esn *up;

	int ulen;

	unsigned int ulen;



	if (!replay_esn || !rp)

		return 0;
@@ -414,7 +414,7 @@ static inline int xfrm_replay_verify_len(struct xfrm_replay_state_esn *replay_es 


	/* Check the overall length and the internal bitmap length to avoid

	 * potential overflow. */

	if (nla_len(rp) < ulen ||

	if (nla_len(rp) < (int)ulen ||

	    xfrm_replay_state_esn_len(replay_esn) != ulen ||

	    replay_esn->bmp_len != up->bmp_len)

		return -EINVAL;
@@ -430,14 +430,14 @@ static int xfrm_alloc_replay_state_esn(struct xfrm_replay_state_esn **replay_esn 
				       struct nlattr *rta)

{

	struct xfrm_replay_state_esn *p, *pp, *up;

	int klen, ulen;

	unsigned int klen, ulen;



	if (!rta)

		return 0;



	up = nla_data(rta);

	klen = xfrm_replay_state_esn_len(up);

	ulen = nla_len(rta) >= klen ? klen : sizeof(*up);

	ulen = nla_len(rta) >= (int)klen ? klen : sizeof(*up);



	p = kzalloc(klen, GFP_KERNEL);

	if (!p)