https://bugs.linaro.org/show_bug.cgi?id=3999
Bug ID: 3999
Summary: IPsec antireplay check drops packets when sequence number jumps.
Product: OpenDataPlane - linux-generic reference
Version: master
Hardware: x86
OS: Linux
Status: UNCONFIRMED
Severity: normal
Priority: ---
Component: General ODP
Assignee: maxim.uva...@linaro.org
Reporter: janne.pelto...@nokia.com
CC: lng-odp@lists.linaro.org
Target Milestone: ---

The following piece of code in _odp_ipsec_sa_replay_update() shifts the antireplay window when the received sequence number jumps forward.

    if (seq > max_seq) {
            mask <<= seq - max_seq;
            mask |= 1;
            max_seq = seq;

The code does not work correctly when the shift amount (i.e. seq - max_seq) is greater than or equal to 32. The C standard says this about bitwise shift operations: "If the value of the right operand is negative or is greater than or equal to the width of the promoted left operand, the behavior is undefined."

In my environment (x86_64 & GCC) the actual shift amount happens to be (seq - max_seq) % 32, leaving some bits set in the window even when the sequence number jumps more than the window size. As a result, genuine non-replayed packets will get dropped.
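The failure described in the report, and one way to guard the shift, as an added example (not code from the report or from ODP). The struct, function names, the 32-bit window width and the `wrap_shift` switch, which models the `% 32` behaviour the reporter observed without invoking undefined behaviour, are assumptions for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define WINDOW_BITS 32u /* assumption: 32-bit replay window */

/* Hypothetical state, not ODP's structure. Bit i of mask set means
 * sequence number (max_seq - i) has already been accepted. */
struct replay_state { uint32_t max_seq; uint32_t mask; };

/* Returns 1 if seq is accepted, 0 if dropped (replay or older than window).
 * wrap_shift != 0 models the shift count wrapping modulo 32. */
static int replay_update(struct replay_state *st, uint32_t seq, int wrap_shift)
{
    if (seq > st->max_seq) {
        uint32_t shift = seq - st->max_seq;
        if (wrap_shift)
            st->mask <<= shift % WINDOW_BITS; /* stale bits survive the jump */
        else if (shift >= WINDOW_BITS)
            st->mask = 0;                     /* whole window is now in the past */
        else
            st->mask <<= shift;
        st->mask |= 1u;
        st->max_seq = seq;
        return 1;
    }
    uint32_t diff = st->max_seq - seq;
    if (diff >= WINDOW_BITS || (st->mask & (1u << diff)))
        return 0;
    st->mask |= 1u << diff;
    return 1;
}

/* Constructed scenario: seq 1..10 arrive in order, the sequence number then
 * jumps by 33 to 43, and the genuine, never-seen packet 42 arrives late. */
static int late_packet_accepted(int wrap_shift)
{
    struct replay_state st = {0, 0};
    for (uint32_t s = 1; s <= 10; s++)
        replay_update(&st, s, wrap_shift);
    replay_update(&st, 43, wrap_shift);
    return replay_update(&st, 42, wrap_shift);
}

int main(void)
{
    printf("wrapped shift: seq 42 accepted = %d\n", late_packet_accepted(1));
    printf("guarded shift: seq 42 accepted = %d\n", late_packet_accepted(0));
    return 0;
}
```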