Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
L
linux
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
linux
Commits
9b48295e
Commit
9b48295e
authored
Apr 02, 2003
by
Hideaki Yoshifuji
Committed by
David S. Miller
Apr 02, 2003
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
[IPSEC]: Use of "sizeof" for header sizes, part II
parent
144894bc
Changes
6
Hide whitespace changes
Inline
Side-by-side
Showing
6 changed files
with
26 additions
and
30 deletions
+26
-30
include/linux/ip.h
include/linux/ip.h
+2
-2
include/linux/ipv6.h
include/linux/ipv6.h
+2
-2
net/ipv4/ah.c
net/ipv4/ah.c
+5
-7
net/ipv4/esp.c
net/ipv4/esp.c
+6
-6
net/ipv6/ah6.c
net/ipv6/ah6.c
+5
-7
net/ipv6/esp6.c
net/ipv6/esp6.c
+6
-6
No files found.
include/linux/ip.h
View file @
9b48295e
...
@@ -188,13 +188,13 @@ struct ip_auth_hdr {
...
@@ -188,13 +188,13 @@ struct ip_auth_hdr {
__u16
reserved
;
__u16
reserved
;
__u32
spi
;
__u32
spi
;
__u32
seq_no
;
/* Sequence number */
__u32
seq_no
;
/* Sequence number */
__u8
auth_data
[
4
];
/* Variable len but >=4. Mind the 64 bit alignment! */
__u8
auth_data
[
0
];
/* Variable len but >=4. Mind the 64 bit alignment! */
};
};
struct
ip_esp_hdr
{
struct
ip_esp_hdr
{
__u32
spi
;
__u32
spi
;
__u32
seq_no
;
/* Sequence number */
__u32
seq_no
;
/* Sequence number */
__u8
enc_data
[
8
];
/* Variable len but >=8. Mind the 64 bit alignment! */
__u8
enc_data
[
0
];
/* Variable len but >=8. Mind the 64 bit alignment! */
};
};
#endif
/* _LINUX_IP_H */
#endif
/* _LINUX_IP_H */
include/linux/ipv6.h
View file @
9b48295e
...
@@ -80,13 +80,13 @@ struct ipv6_auth_hdr {
...
@@ -80,13 +80,13 @@ struct ipv6_auth_hdr {
__u16
reserved
;
__u16
reserved
;
__u32
spi
;
__u32
spi
;
__u32
seq_no
;
/* Sequence number */
__u32
seq_no
;
/* Sequence number */
__u8
auth_data
[
4
];
/* Length variable but >=4. Mind the 64 bit alignment! */
__u8
auth_data
[
0
];
/* Length variable but >=4. Mind the 64 bit alignment! */
};
};
struct
ipv6_esp_hdr
{
struct
ipv6_esp_hdr
{
__u32
spi
;
__u32
spi
;
__u32
seq_no
;
/* Sequence number */
__u32
seq_no
;
/* Sequence number */
__u8
enc_data
[
8
];
/* Length variable but >=8. Mind the 64 bit alignment! */
__u8
enc_data
[
0
];
/* Length variable but >=8. Mind the 64 bit alignment! */
};
};
/*
/*
...
...
net/ipv4/ah.c
View file @
9b48295e
...
@@ -9,8 +9,6 @@
...
@@ -9,8 +9,6 @@
#include <asm/scatterlist.h>
#include <asm/scatterlist.h>
#define AH_HLEN_NOICV 12
/* Clear mutable options and find final destination to substitute
/* Clear mutable options and find final destination to substitute
* into IP header for icv calculation. Options are already checked
* into IP header for icv calculation. Options are already checked
* for validity, so paranoia is not required. */
* for validity, so paranoia is not required. */
...
@@ -116,8 +114,8 @@ static int ah_output(struct sk_buff *skb)
...
@@ -116,8 +114,8 @@ static int ah_output(struct sk_buff *skb)
ah
->
nexthdr
=
iph
->
protocol
;
ah
->
nexthdr
=
iph
->
protocol
;
}
}
ahp
=
x
->
data
;
ahp
=
x
->
data
;
ah
->
hdrlen
=
(
XFRM_ALIGN8
(
ahp
->
icv_trunc_len
+
ah
->
hdrlen
=
(
XFRM_ALIGN8
(
sizeof
(
struct
ip_auth_hdr
)
+
AH_HLEN_NOICV
)
>>
2
)
-
2
;
ahp
->
icv_trunc_len
)
>>
2
)
-
2
;
ah
->
reserved
=
0
;
ah
->
reserved
=
0
;
ah
->
spi
=
x
->
id
.
spi
;
ah
->
spi
=
x
->
id
.
spi
;
...
@@ -169,8 +167,8 @@ int ah_input(struct xfrm_state *x, struct sk_buff *skb)
...
@@ -169,8 +167,8 @@ int ah_input(struct xfrm_state *x, struct sk_buff *skb)
ahp
=
x
->
data
;
ahp
=
x
->
data
;
ah_hlen
=
(
ah
->
hdrlen
+
2
)
<<
2
;
ah_hlen
=
(
ah
->
hdrlen
+
2
)
<<
2
;
if
(
ah_hlen
!=
XFRM_ALIGN8
(
ahp
->
icv_full_len
+
AH_HLEN_NOICV
)
&&
if
(
ah_hlen
!=
XFRM_ALIGN8
(
sizeof
(
struct
ip_auth_hdr
)
+
ahp
->
icv_full_len
)
&&
ah_hlen
!=
XFRM_ALIGN8
(
ahp
->
icv_trunc_len
+
AH_HLEN_NOICV
))
ah_hlen
!=
XFRM_ALIGN8
(
sizeof
(
struct
ip_auth_hdr
)
+
ahp
->
icv_trunc_len
))
goto
out
;
goto
out
;
if
(
!
pskb_may_pull
(
skb
,
ah_hlen
))
if
(
!
pskb_may_pull
(
skb
,
ah_hlen
))
...
@@ -286,7 +284,7 @@ static int ah_init_state(struct xfrm_state *x, void *args)
...
@@ -286,7 +284,7 @@ static int ah_init_state(struct xfrm_state *x, void *args)
if
(
!
ahp
->
work_icv
)
if
(
!
ahp
->
work_icv
)
goto
error
;
goto
error
;
x
->
props
.
header_len
=
XFRM_ALIGN8
(
ahp
->
icv_trunc_len
+
AH_HLEN_NOICV
);
x
->
props
.
header_len
=
XFRM_ALIGN8
(
sizeof
(
struct
ip_auth_hdr
)
+
ahp
->
icv_trunc_len
);
if
(
x
->
props
.
mode
)
if
(
x
->
props
.
mode
)
x
->
props
.
header_len
+=
sizeof
(
struct
iphdr
);
x
->
props
.
header_len
+=
sizeof
(
struct
iphdr
);
x
->
data
=
ahp
;
x
->
data
=
ahp
;
...
...
net/ipv4/esp.c
View file @
9b48295e
...
@@ -134,7 +134,7 @@ int esp_output(struct sk_buff *skb)
...
@@ -134,7 +134,7 @@ int esp_output(struct sk_buff *skb)
if
(
esp
->
auth
.
icv_full_len
)
{
if
(
esp
->
auth
.
icv_full_len
)
{
esp
->
auth
.
icv
(
esp
,
skb
,
(
u8
*
)
esph
-
skb
->
data
,
esp
->
auth
.
icv
(
esp
,
skb
,
(
u8
*
)
esph
-
skb
->
data
,
8
+
esp
->
conf
.
ivlen
+
clen
,
trailer
->
tail
);
sizeof
(
struct
ip_esp_hdr
)
+
esp
->
conf
.
ivlen
+
clen
,
trailer
->
tail
);
pskb_put
(
skb
,
trailer
,
alen
);
pskb_put
(
skb
,
trailer
,
alen
);
}
}
...
@@ -171,7 +171,7 @@ int esp_input(struct xfrm_state *x, struct sk_buff *skb)
...
@@ -171,7 +171,7 @@ int esp_input(struct xfrm_state *x, struct sk_buff *skb)
struct
sk_buff
*
trailer
;
struct
sk_buff
*
trailer
;
int
blksize
=
crypto_tfm_alg_blocksize
(
esp
->
conf
.
tfm
);
int
blksize
=
crypto_tfm_alg_blocksize
(
esp
->
conf
.
tfm
);
int
alen
=
esp
->
auth
.
icv_trunc_len
;
int
alen
=
esp
->
auth
.
icv_trunc_len
;
int
elen
=
skb
->
len
-
8
-
esp
->
conf
.
ivlen
-
alen
;
int
elen
=
skb
->
len
-
sizeof
(
struct
ip_esp_hdr
)
-
esp
->
conf
.
ivlen
-
alen
;
int
nfrags
;
int
nfrags
;
if
(
!
pskb_may_pull
(
skb
,
sizeof
(
struct
ip_esp_hdr
)))
if
(
!
pskb_may_pull
(
skb
,
sizeof
(
struct
ip_esp_hdr
)))
...
@@ -220,7 +220,7 @@ int esp_input(struct xfrm_state *x, struct sk_buff *skb)
...
@@ -220,7 +220,7 @@ int esp_input(struct xfrm_state *x, struct sk_buff *skb)
if
(
!
sg
)
if
(
!
sg
)
goto
out
;
goto
out
;
}
}
skb_to_sgvec
(
skb
,
sg
,
8
+
esp
->
conf
.
ivlen
,
elen
);
skb_to_sgvec
(
skb
,
sg
,
sizeof
(
struct
ip_esp_hdr
)
+
esp
->
conf
.
ivlen
,
elen
);
crypto_cipher_decrypt
(
esp
->
conf
.
tfm
,
sg
,
sg
,
elen
);
crypto_cipher_decrypt
(
esp
->
conf
.
tfm
,
sg
,
sg
,
elen
);
if
(
unlikely
(
sg
!=
sgbuf
))
if
(
unlikely
(
sg
!=
sgbuf
))
kfree
(
sg
);
kfree
(
sg
);
...
@@ -237,8 +237,8 @@ int esp_input(struct xfrm_state *x, struct sk_buff *skb)
...
@@ -237,8 +237,8 @@ int esp_input(struct xfrm_state *x, struct sk_buff *skb)
iph
->
protocol
=
nexthdr
[
1
];
iph
->
protocol
=
nexthdr
[
1
];
pskb_trim
(
skb
,
skb
->
len
-
alen
-
padlen
-
2
);
pskb_trim
(
skb
,
skb
->
len
-
alen
-
padlen
-
2
);
memcpy
(
workbuf
,
skb
->
nh
.
raw
,
iph
->
ihl
*
4
);
memcpy
(
workbuf
,
skb
->
nh
.
raw
,
iph
->
ihl
*
4
);
skb
->
h
.
raw
=
skb_pull
(
skb
,
8
+
esp
->
conf
.
ivlen
);
skb
->
h
.
raw
=
skb_pull
(
skb
,
sizeof
(
struct
ip_esp_hdr
)
+
esp
->
conf
.
ivlen
);
skb
->
nh
.
raw
+=
8
+
esp
->
conf
.
ivlen
;
skb
->
nh
.
raw
+=
sizeof
(
struct
ip_esp_hdr
)
+
esp
->
conf
.
ivlen
;
memcpy
(
skb
->
nh
.
raw
,
workbuf
,
iph
->
ihl
*
4
);
memcpy
(
skb
->
nh
.
raw
,
workbuf
,
iph
->
ihl
*
4
);
skb
->
nh
.
iph
->
tot_len
=
htons
(
skb
->
len
);
skb
->
nh
.
iph
->
tot_len
=
htons
(
skb
->
len
);
}
}
...
@@ -365,7 +365,7 @@ int esp_init_state(struct xfrm_state *x, void *args)
...
@@ -365,7 +365,7 @@ int esp_init_state(struct xfrm_state *x, void *args)
get_random_bytes
(
esp
->
conf
.
ivec
,
esp
->
conf
.
ivlen
);
get_random_bytes
(
esp
->
conf
.
ivec
,
esp
->
conf
.
ivlen
);
}
}
crypto_cipher_setkey
(
esp
->
conf
.
tfm
,
esp
->
conf
.
key
,
esp
->
conf
.
key_len
);
crypto_cipher_setkey
(
esp
->
conf
.
tfm
,
esp
->
conf
.
key
,
esp
->
conf
.
key_len
);
x
->
props
.
header_len
=
8
+
esp
->
conf
.
ivlen
;
x
->
props
.
header_len
=
sizeof
(
struct
ip_esp_hdr
)
+
esp
->
conf
.
ivlen
;
if
(
x
->
props
.
mode
)
if
(
x
->
props
.
mode
)
x
->
props
.
header_len
+=
sizeof
(
struct
iphdr
);
x
->
props
.
header_len
+=
sizeof
(
struct
iphdr
);
x
->
data
=
esp
;
x
->
data
=
esp
;
...
...
net/ipv6/ah6.c
View file @
9b48295e
...
@@ -36,8 +36,6 @@
...
@@ -36,8 +36,6 @@
#include <net/xfrm.h>
#include <net/xfrm.h>
#include <asm/scatterlist.h>
#include <asm/scatterlist.h>
#define AH_HLEN_NOICV 12
/* XXX no ipv6 ah specific */
/* XXX no ipv6 ah specific */
#define NIP6(addr) \
#define NIP6(addr) \
ntohs((addr).s6_addr16[0]),\
ntohs((addr).s6_addr16[0]),\
...
@@ -110,8 +108,8 @@ int ah6_output(struct sk_buff *skb)
...
@@ -110,8 +108,8 @@ int ah6_output(struct sk_buff *skb)
skb
->
nh
.
ipv6h
->
hop_limit
=
0
;
skb
->
nh
.
ipv6h
->
hop_limit
=
0
;
ahp
=
x
->
data
;
ahp
=
x
->
data
;
ah
->
hdrlen
=
(
XFRM_ALIGN8
(
ahp
->
icv_trunc_len
+
ah
->
hdrlen
=
(
XFRM_ALIGN8
(
sizeof
(
struct
ipv6_auth_hdr
)
+
AH_HLEN_NOICV
)
>>
2
)
-
2
;
ahp
->
icv_trunc_len
)
>>
2
)
-
2
;
ah
->
reserved
=
0
;
ah
->
reserved
=
0
;
ah
->
spi
=
x
->
id
.
spi
;
ah
->
spi
=
x
->
id
.
spi
;
...
@@ -165,8 +163,8 @@ int ah6_input(struct xfrm_state *x, struct sk_buff *skb)
...
@@ -165,8 +163,8 @@ int ah6_input(struct xfrm_state *x, struct sk_buff *skb)
ahp
=
x
->
data
;
ahp
=
x
->
data
;
ah_hlen
=
(
ah
->
hdrlen
+
2
)
<<
2
;
ah_hlen
=
(
ah
->
hdrlen
+
2
)
<<
2
;
if
(
ah_hlen
!=
XFRM_ALIGN8
(
ahp
->
icv_full_len
+
AH_HLEN_NOICV
)
&&
if
(
ah_hlen
!=
XFRM_ALIGN8
(
sizeof
(
struct
ipv6_auth_hdr
)
+
ahp
->
icv_full_len
)
&&
ah_hlen
!=
XFRM_ALIGN8
(
ahp
->
icv_trunc_len
+
AH_HLEN_NOICV
))
ah_hlen
!=
XFRM_ALIGN8
(
sizeof
(
struct
ipv6_auth_hdr
)
+
ahp
->
icv_trunc_len
))
goto
out
;
goto
out
;
if
(
!
pskb_may_pull
(
skb
,
ah_hlen
))
if
(
!
pskb_may_pull
(
skb
,
ah_hlen
))
...
@@ -285,7 +283,7 @@ static int ah6_init_state(struct xfrm_state *x, void *args)
...
@@ -285,7 +283,7 @@ static int ah6_init_state(struct xfrm_state *x, void *args)
if
(
!
ahp
->
work_icv
)
if
(
!
ahp
->
work_icv
)
goto
error
;
goto
error
;
x
->
props
.
header_len
=
XFRM_ALIGN8
(
ahp
->
icv_trunc_len
+
AH_HLEN_NOICV
);
x
->
props
.
header_len
=
XFRM_ALIGN8
(
sizeof
(
struct
ipv6_auth_hdr
)
+
ahp
->
icv_trunc_len
);
if
(
x
->
props
.
mode
)
if
(
x
->
props
.
mode
)
x
->
props
.
header_len
+=
sizeof
(
struct
ipv6hdr
);
x
->
props
.
header_len
+=
sizeof
(
struct
ipv6hdr
);
x
->
data
=
ahp
;
x
->
data
=
ahp
;
...
...
net/ipv6/esp6.c
View file @
9b48295e
...
@@ -232,7 +232,7 @@ int esp6_output(struct sk_buff *skb)
...
@@ -232,7 +232,7 @@ int esp6_output(struct sk_buff *skb)
if
(
esp
->
auth
.
icv_full_len
)
{
if
(
esp
->
auth
.
icv_full_len
)
{
esp
->
auth
.
icv
(
esp
,
skb
,
(
u8
*
)
esph
-
skb
->
data
,
esp
->
auth
.
icv
(
esp
,
skb
,
(
u8
*
)
esph
-
skb
->
data
,
8
+
esp
->
conf
.
ivlen
+
clen
,
trailer
->
tail
);
sizeof
(
struct
ipv6_esp_hdr
)
+
esp
->
conf
.
ivlen
+
clen
,
trailer
->
tail
);
pskb_put
(
skb
,
trailer
,
alen
);
pskb_put
(
skb
,
trailer
,
alen
);
}
}
...
@@ -262,7 +262,7 @@ int esp6_input(struct xfrm_state *x, struct sk_buff *skb)
...
@@ -262,7 +262,7 @@ int esp6_input(struct xfrm_state *x, struct sk_buff *skb)
struct
sk_buff
*
trailer
;
struct
sk_buff
*
trailer
;
int
blksize
=
crypto_tfm_alg_blocksize
(
esp
->
conf
.
tfm
);
int
blksize
=
crypto_tfm_alg_blocksize
(
esp
->
conf
.
tfm
);
int
alen
=
esp
->
auth
.
icv_trunc_len
;
int
alen
=
esp
->
auth
.
icv_trunc_len
;
int
elen
=
skb
->
len
-
8
-
esp
->
conf
.
ivlen
-
alen
;
int
elen
=
skb
->
len
-
sizeof
(
struct
ipv6_esp_hdr
)
-
esp
->
conf
.
ivlen
-
alen
;
int
hdr_len
=
skb
->
h
.
raw
-
skb
->
nh
.
raw
;
int
hdr_len
=
skb
->
h
.
raw
-
skb
->
nh
.
raw
;
int
nfrags
;
int
nfrags
;
...
@@ -319,7 +319,7 @@ int esp6_input(struct xfrm_state *x, struct sk_buff *skb)
...
@@ -319,7 +319,7 @@ int esp6_input(struct xfrm_state *x, struct sk_buff *skb)
if
(
!
sg
)
if
(
!
sg
)
goto
out
;
goto
out
;
}
}
skb_to_sgvec
(
skb
,
sg
,
8
+
esp
->
conf
.
ivlen
,
elen
);
skb_to_sgvec
(
skb
,
sg
,
sizeof
(
struct
ipv6_esp_hdr
)
+
esp
->
conf
.
ivlen
,
elen
);
crypto_cipher_decrypt
(
esp
->
conf
.
tfm
,
sg
,
sg
,
elen
);
crypto_cipher_decrypt
(
esp
->
conf
.
tfm
,
sg
,
sg
,
elen
);
if
(
unlikely
(
sg
!=
sgbuf
))
if
(
unlikely
(
sg
!=
sgbuf
))
kfree
(
sg
);
kfree
(
sg
);
...
@@ -338,8 +338,8 @@ int esp6_input(struct xfrm_state *x, struct sk_buff *skb)
...
@@ -338,8 +338,8 @@ int esp6_input(struct xfrm_state *x, struct sk_buff *skb)
ret_nexthdr
=
((
struct
ipv6hdr
*
)
tmp_hdr
)
->
nexthdr
=
nexthdr
[
1
];
ret_nexthdr
=
((
struct
ipv6hdr
*
)
tmp_hdr
)
->
nexthdr
=
nexthdr
[
1
];
pskb_trim
(
skb
,
skb
->
len
-
alen
-
padlen
-
2
);
pskb_trim
(
skb
,
skb
->
len
-
alen
-
padlen
-
2
);
skb
->
h
.
raw
=
skb_pull
(
skb
,
8
+
esp
->
conf
.
ivlen
);
skb
->
h
.
raw
=
skb_pull
(
skb
,
sizeof
(
struct
ipv6_esp_hdr
)
+
esp
->
conf
.
ivlen
);
skb
->
nh
.
raw
+=
8
+
esp
->
conf
.
ivlen
;
skb
->
nh
.
raw
+=
sizeof
(
struct
ipv6_esp_hdr
)
+
esp
->
conf
.
ivlen
;
memcpy
(
skb
->
nh
.
raw
,
tmp_hdr
,
hdr_len
);
memcpy
(
skb
->
nh
.
raw
,
tmp_hdr
,
hdr_len
);
}
}
kfree
(
tmp_hdr
);
kfree
(
tmp_hdr
);
...
@@ -466,7 +466,7 @@ int esp6_init_state(struct xfrm_state *x, void *args)
...
@@ -466,7 +466,7 @@ int esp6_init_state(struct xfrm_state *x, void *args)
get_random_bytes
(
esp
->
conf
.
ivec
,
esp
->
conf
.
ivlen
);
get_random_bytes
(
esp
->
conf
.
ivec
,
esp
->
conf
.
ivlen
);
}
}
crypto_cipher_setkey
(
esp
->
conf
.
tfm
,
esp
->
conf
.
key
,
esp
->
conf
.
key_len
);
crypto_cipher_setkey
(
esp
->
conf
.
tfm
,
esp
->
conf
.
key
,
esp
->
conf
.
key_len
);
x
->
props
.
header_len
=
8
+
esp
->
conf
.
ivlen
;
x
->
props
.
header_len
=
sizeof
(
struct
ipv6_esp_hdr
)
+
esp
->
conf
.
ivlen
;
if
(
x
->
props
.
mode
)
if
(
x
->
props
.
mode
)
x
->
props
.
header_len
+=
sizeof
(
struct
ipv6hdr
);
x
->
props
.
header_len
+=
sizeof
(
struct
ipv6hdr
);
x
->
data
=
esp
;
x
->
data
=
esp
;
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment