Hi Aviv, thanks for trying to fix the issue. However, this patch introduces more problems.
netlink_esp_hw_offload = UINT_MAX or UINT_MAX-1 netlink_esp_hw_offload + 32 would overflow. ** CID 1455227: (INTEGER_OVERFLOW) /programs/pluto/kernel_netlink.c: 932 in netlink_detect_offload() /programs/pluto/kernel_netlink.c: 924 in netlink_detect_offload() /programs/pluto/kernel_netlink.c: 924 in netlink_detect_offload() ________________________________________________________________________________________________________ *** CID 1455227: (INTEGER_OVERFLOW) /programs/pluto/kernel_netlink.c: 932 in netlink_detect_offload() 926 927 cmd = alloc_bytes(sizeof(*cmd) + sizeof(cmd->features[0]) * blocks, "ethtool_gfeatures"); 928 jam_str(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); 929 ifr.ifr_data = (void *)cmd; 930 cmd->cmd = ETHTOOL_GFEATURES; 931 cmd->size = blocks; >>> CID 1455227: (INTEGER_OVERFLOW) >>> Overflowed or truncated value (or a value computed from an overflowed >>> or truncated value) "blocks - 1" used as array index. 932 if ((ioctl(netlinkfd, SIOCETHTOOL, &ifr) == 0) && 933 (cmd->features[blocks-1].active & feature_bit)) 934 ret = IFNO_SUPPORTED; 935 936 pfree(cmd); 937 /programs/pluto/kernel_netlink.c: 924 in netlink_detect_offload() 918 netlink_find_offload_feature(ifname); 919 920 if (netlink_esp_hw_offload == NIC_OFFLOAD_UNSUPPORTED) 921 return ret; 922 923 /* Feature is supported by kernel. Query device features */ >>> CID 1455227: (INTEGER_OVERFLOW) >>> Add operation overflows on operands "netlink_esp_hw_offload" and "31U". 924 blocks = (netlink_esp_hw_offload + 31) / 32; 925 feature_bit = 1 << (netlink_esp_hw_offload % 31); 926 927 cmd = alloc_bytes(sizeof(*cmd) + sizeof(cmd->features[0]) * blocks, "ethtool_gfeatures"); 928 jam_str(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); 929 ifr.ifr_data = (void *)cmd; /programs/pluto/kernel_netlink.c: 924 in netlink_detect_offload() 918 netlink_find_offload_feature(ifname); 919 920 if (netlink_esp_hw_offload == NIC_OFFLOAD_UNSUPPORTED) 921 return ret; 922 923 /* Feature is supported by kernel. 
Query device features */ >>> CID 1455227: (INTEGER_OVERFLOW) >>> Add operation overflows on operands "netlink_esp_hw_offload" and "31U". 924 blocks = (netlink_esp_hw_offload + 31) / 32; 925 feature_bit = 1 << (netlink_esp_hw_offload % 31); 926 927 cmd = alloc_bytes(sizeof(*cmd) + sizeof(cmd->features[0]) * blocks, "ethtool_gfeatures"); 928 jam_str(ifr.ifr_name, sizeof(ifr.ifr_name), ifname); 929 ifr.ifr_data = (void *)cmd; On Thu, Aug 31, 2017 at 06:24:07PM +0300, [email protected] wrote:
> From: Aviv Heller <[email protected]>
>
> Use an unsigned type instead.
>
> Signed-off-by: Aviv Heller <[email protected]>
> ---
> programs/pluto/kernel_netlink.c | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/programs/pluto/kernel_netlink.c b/programs/pluto/kernel_netlink.c
> index b12d19b..c8f7bfd 100644
> --- a/programs/pluto/kernel_netlink.c
> +++ b/programs/pluto/kernel_netlink.c
> @@ -96,14 +96,14 @@
> /* Minimum priority number in SPD used by pluto. */
> #define MIN_SPD_PRIORITY 1024
>
> -#define NIC_OFFLOAD_UNKNOWN (-2)
> -#define NIC_OFFLOAD_UNSUPPORTED (-1)
> +#define NIC_OFFLOAD_UNKNOWN (UINT_MAX)
> +#define NIC_OFFLOAD_UNSUPPORTED (UINT_MAX - 1)
>
> static int netlinkfd = NULL_FD;
> static int netlink_bcast_fd = NULL_FD;
>
> #ifdef USE_NIC_OFFLOAD
> -static int netlink_esp_hw_offload = NIC_OFFLOAD_UNKNOWN;
> +static unsigned int netlink_esp_hw_offload = NIC_OFFLOAD_UNKNOWN;
> #endif
>
> #define NE(x) { x, #x } /* Name Entry -- shorthand for sparse_names */
> --
> 1.8.3.1
>
> _______________________________________________
> Swan-dev mailing list
> [email protected]
> https://lists.libreswan.org/mailman/listinfo/swan-dev
_______________________________________________ Swan-dev mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan-dev
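Review bot: The new `NIC_OFFLOAD_UNKNOWN` and `NIC_OFFLOAD_UNSUPPORTED` definitions reserve the top two values of the same `unsigned int` range that holds real feature indexes, and nothing at the `#define` lines records that. A comment above them such as `/* sentinels; a real feature index is always < NIC_OFFLOAD_UNSUPPORTED */` would state which values are reserved for anyone who later reads or writes `netlink_esp_hw_offload`. The macros also now depend on `UINT_MAX` from `<limits.h>`, and the hunk adds no include. The top of the file is outside the hunk, so it is worth confirming the header is included directly and not only through another header.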
