Commit:     4c4d51a7316b164ba08af61aa0c124a88bc60450
Parent:     60e5c166413f17d5ef00b4c1f398dbd44291309a
Author:     Herbert Xu <[EMAIL PROTECTED]>
AuthorDate: Thu Apr 5 00:07:39 2007 -0700
Committer:  David S. Miller <[EMAIL PROTECTED]>
CommitDate: Thu Apr 5 00:07:39 2007 -0700

    [IPSEC]: Reject packets within replay window but outside the bit mask
    Up until this point we've accepted replay window settings greater than
    32 but our bit mask can only accommodate 32 packets.  Thus any packet
    with a sequence number within the window but outside the bit mask would
    be accepted.
    This patch causes those packets to be rejected instead.
    Signed-off-by: Herbert Xu <[EMAIL PROTECTED]>
    Signed-off-by: David S. Miller <[EMAIL PROTECTED]>
 net/xfrm/xfrm_state.c |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index 5c5f6dc..e3a0bcf 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -1371,7 +1371,8 @@ int xfrm_replay_check(struct xfrm_state *x, __be32 
                return 0;
        diff = x->replay.seq - seq;
-       if (diff >= x->props.replay_window) {
+       if (diff >= min_t(unsigned int, x->props.replay_window,
+                         sizeof(x->replay.bitmap) * 8)) {
                return -EINVAL;
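Review bot: The new `min_t(...)` bound in the `if (diff >= ...)` condition silently narrows the effective anti-replay window to the bitmap width, and nothing next to the check says so. I would add a comment above it such as `/* bitmap tracks only sizeof(bitmap) * 8 sequence numbers; older packets are rejected even when replay_window is larger */`. Per the commit message, window settings greater than 32 are still accepted, so a state configured with a larger window will now return -EINVAL for legitimately reordered packets older than the bitmap, with no indication that the setting was not honoured. Rejecting or clamping the value where the state is configured would make that visible; that code is not part of this hunk. Any other path that compares against `x->props.replay_window` before shifting `x->replay.bitmap` presumably needs the same bound, and the body of xfrm_replay_check itself continues outside the hunk.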
