From: Dmitry Eremin-Solenikov <dmitry.ereminsoleni...@linaro.org> If shift is greater than window bit-width, bit shift results in undefined behaviour. Rewrite code to excplicitly set the mask in such cases.
Signed-off-by: Dmitry Eremin-Solenikov <dmitry.ereminsoleni...@linaro.org> Fixes: https://bugs.linaro.org/show_bug.cgi?id=3999 --- /** Email created from pull request 697 (lumag:ipsec-seq) ** https://github.com/Linaro/odp/pull/697 ** Patch: https://github.com/Linaro/odp/pull/697.patch ** Base sha: 33fbc04b6373960ec3f84de4e7e7b34c49d71508 ** Merge commit sha: ec1eaa3b88c25979551791e3eb7f43ee6b10deed **/ platform/linux-generic/odp_ipsec_sad.c | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/platform/linux-generic/odp_ipsec_sad.c b/platform/linux-generic/odp_ipsec_sad.c index 11f37fd8f..3c19939e4 100644 --- a/platform/linux-generic/odp_ipsec_sad.c +++ b/platform/linux-generic/odp_ipsec_sad.c @@ -701,18 +701,17 @@ int _odp_ipsec_sa_replay_update(ipsec_sa_t *ipsec_sa, uint32_t seq, if (seq + IPSEC_ANTIREPLAY_WS <= max_seq) { status->error.antireplay = 1; return -1; - } - - if (seq > max_seq) { + } else if (seq >= max_seq + IPSEC_ANTIREPLAY_WS) { + mask = 1; + max_seq = seq; + } else if (seq > max_seq) { mask <<= seq - max_seq; mask |= 1; max_seq = seq; + } else if (mask & (1U << (max_seq - seq))) { + status->error.antireplay = 1; + return -1; } else { - if (mask & (1U << (max_seq - seq))) { - status->error.antireplay = 1; - return -1; - } - mask |= (1U << (max_seq - seq)); }