diff options
author | Gerrit Renker <gerrit@erg.abdn.ac.uk> | 2007-10-05 01:43:09 +0400 |
---|---|---|
committer | David S. Miller <davem@sunset.davemloft.net> | 2007-10-11 03:54:35 +0400 |
commit | 5e28599a6e45eb8ce7e50510b06c3a34ebf1a8fa (patch) | |
tree | ff6a34c677f1c16a5fd0921f75fbe58a1568ca6e | |
parent | 6c583248083c30c5305ec561e79f666ca465b376 (diff) | |
download | linux-5e28599a6e45eb8ce7e50510b06c3a34ebf1a8fa.tar.xz |
[CCID2]: Sequence number wraparound issues
This replaces several uses of standard arithmetic with the DCCP
sequence number arithmetic functions. The problem here is that the
sequence number wrap-around was not taken into consideration.
* Condition "seqp->ccid2s_seq <= prev->ccid2s_seq" has been replaced
by
dccp_delta_seqno(seqp->ccid2s_seq, prev->ccid2s_seq) >= 0
since if seqp is `before' prev, then the delta_seqno() is positive.
* The test whether sequence numbers `a' and `b' are consecutive has
the form
dccp_delta_seqno(a, b) == 1
* Increment of ccid2hctx_rpseq could be done using dccp_inc_seqno(),
but since here the incremented ccid2hctx_rpseq == seqno, used
assignment instead.
Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk>
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | net/dccp/ccids/ccid2.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/net/dccp/ccids/ccid2.c b/net/dccp/ccids/ccid2.c index 1dff4188f3f5..426008e3b7e3 100644 --- a/net/dccp/ccids/ccid2.c +++ b/net/dccp/ccids/ccid2.c @@ -59,7 +59,8 @@ static void ccid2_hc_tx_check_sanity(const struct ccid2_hc_tx_sock *hctx) pipe++; /* packets are sent sequentially */ - BUG_ON(seqp->ccid2s_seq <= prev->ccid2s_seq); + BUG_ON(dccp_delta_seqno(seqp->ccid2s_seq, + prev->ccid2s_seq ) >= 0); BUG_ON(time_before(seqp->ccid2s_sent, prev->ccid2s_sent)); @@ -562,8 +563,8 @@ static void ccid2_hc_tx_packet_recv(struct sock *sk, struct sk_buff *skb) hctx->ccid2hctx_rpseq = seqno; } else { /* check if packet is consecutive */ - if ((hctx->ccid2hctx_rpseq + 1) == seqno) - hctx->ccid2hctx_rpseq++; + if (dccp_delta_seqno(hctx->ccid2hctx_rpseq, seqno) == 1) + hctx->ccid2hctx_rpseq = seqno; /* it's a later packet */ else if (after48(seqno, hctx->ccid2hctx_rpseq)) { hctx->ccid2hctx_rpdupack++; |