write in 30M

hc

2024-02-20 ea08eeccae9297f7aabd2ef7f0c2517ac4549acc

 kernel/net/xfrm/xfrm_replay.c
..
..
@@ -1,21 +1,9 @@
1
+// SPDX-License-Identifier: GPL-2.0-only
1
2
 /*
2
3
  * xfrm_replay.c - xfrm replay detection, derived from xfrm_state.c.
3
4
  *
4
5
  * Copyright (C) 2010 secunet Security Networks AG
5
6
  * Copyright (C) 2010 Steffen Klassert <steffen.klassert@secunet.com>
6
- *
7
- * This program is free software; you can redistribute it and/or modify it
8
- * under the terms and conditions of the GNU General Public License,
9
- * version 2, as published by the Free Software Foundation.
10
- *
11
- * This program is distributed in the hope it will be useful, but WITHOUT
12
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
14
- * more details.
15
- *
16
- * You should have received a copy of the GNU General Public License along with
17
- * this program; if not, write to the Free Software Foundation, Inc.,
18
- * 51 Franklin St - Fifth Floor, Boston, MA 02110-1301 USA.
19
7
  */
20
8
 
21
9
 #include <linux/export.h>
..
..
@@ -101,7 +89,8 @@
101
89
 	if (x->type->flags & XFRM_TYPE_REPLAY_PROT) {
102
90
 		XFRM_SKB_CB(skb)->seq.output.low = ++x->replay.oseq;
103
91
 		XFRM_SKB_CB(skb)->seq.output.hi = 0;
104
-		if (unlikely(x->replay.oseq == 0)) {
92
+		if (unlikely(x->replay.oseq == 0) &&
93
+		    !(x->props.extra_flags & XFRM_SA_XFLAG_OSEQ_MAY_WRAP)) {
105
94
 			x->replay.oseq--;
106
95
 			xfrm_audit_state_replay_overflow(x, skb);
107
96
 			err = -EOVERFLOW;
..
..
@@ -180,7 +169,8 @@
180
169
 	if (x->type->flags & XFRM_TYPE_REPLAY_PROT) {
181
170
 		XFRM_SKB_CB(skb)->seq.output.low = ++replay_esn->oseq;
182
171
 		XFRM_SKB_CB(skb)->seq.output.hi = 0;
183
-		if (unlikely(replay_esn->oseq == 0)) {
172
+		if (unlikely(replay_esn->oseq == 0) &&
173
+		    !(x->props.extra_flags & XFRM_SA_XFLAG_OSEQ_MAY_WRAP)) {
184
174
 			replay_esn->oseq--;
185
175
 			xfrm_audit_state_replay_overflow(x, skb);
186
176
 			err = -EOVERFLOW;
..
..
@@ -584,7 +574,8 @@
584
574
 
585
575
 		XFRM_SKB_CB(skb)->seq.output.hi = 0;
586
576
 		xo->seq.hi = 0;
587
-		if (unlikely(oseq < x->replay.oseq)) {
577
+		if (unlikely(oseq < x->replay.oseq) &&
578
+		    !(x->props.extra_flags & XFRM_SA_XFLAG_OSEQ_MAY_WRAP)) {
588
579
 			xfrm_audit_state_replay_overflow(x, skb);
589
580
 			err = -EOVERFLOW;
590
581
 
..
..
@@ -623,7 +614,8 @@
623
614
 
624
615
 		XFRM_SKB_CB(skb)->seq.output.hi = 0;
625
616
 		xo->seq.hi = 0;
626
-		if (unlikely(oseq < replay_esn->oseq)) {
617
+		if (unlikely(oseq < replay_esn->oseq) &&
618
+		    !(x->props.extra_flags & XFRM_SA_XFLAG_OSEQ_MAY_WRAP)) {
627
619
 			xfrm_audit_state_replay_overflow(x, skb);
628
620
 			err = -EOVERFLOW;
629
621
 
..
..
@@ -665,7 +657,7 @@
665
657
 			oseq += skb_shinfo(skb)->gso_segs;
666
658
 		}
667
659
 
668
-		if (unlikely(oseq < replay_esn->oseq)) {
660
+		if (unlikely(xo->seq.low < replay_esn->oseq)) {
669
661
 			XFRM_SKB_CB(skb)->seq.output.hi = ++oseq_hi;
670
662
 			xo->seq.hi = oseq_hi;
671
663
 			replay_esn->oseq_hi = oseq_hi;