From: Jarek Poplawski <jarkao2@gmail.com>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: "David S. Miller" <davem@davemloft.net>, netdev@vger.kernel.org
Subject: Re: [IPSEC]: Avoid undefined shift operation when testing algorithm ID
Date: Thu, 20 Dec 2007 08:58:57 +0100 [thread overview]
Message-ID: <20071220075857.GA1924@ff.dom.local> (raw)
In-Reply-To: <20071220042937.GA18679@gondor.apana.org.au>
On 20-12-2007 05:29, Herbert Xu wrote:
> Hi Dave:
>
> I had wanted to fix this for ages but kept putting it off and then
> forgetting about it :) So before I forget again,
>
> [IPSEC]: Avoid undefined shift operation when testing algorithm ID
>
> The aalgos/ealgos fields are only 32 bits wide. However, af_key tries
> to test them with the expression 1 << id where id can be as large as
> 253. This produces different behaviour on different architectures.
>
> The following patch explicitly checks whether ID is greater than 31
> and fails the check if that's the case.
>
> We cannot easily extend the mask to be longer than 32 bits due to
> exposure to user-space. Besides, this whole interface is obsolete
> anyway in favour of the xfrm_user interface which doesn't use this
> bit mask in templates (well not within the kernel anyway).
>
> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
>
> diff --git a/net/key/af_key.c b/net/key/af_key.c
> index 878039b..26d5e63 100644
> --- a/net/key/af_key.c
> +++ b/net/key/af_key.c
> @@ -2784,12 +2784,22 @@ static struct sadb_msg *pfkey_get_base_msg(struct sk_buff *skb, int *errp)
>
> static inline int aalg_tmpl_set(struct xfrm_tmpl *t, struct xfrm_algo_desc *d)
> {
> - return t->aalgos & (1 << d->desc.sadb_alg_id);
> + unsigned int id = d->desc.sadb_alg_id;
> +
> + if (id >= sizeof(t->aalgos) * 8)
> + return 0;
> +
> + return (t->aalgos >> id) & 1;
> }
Hi,
you probably have forgotten to mention in the changelog the returned
value is changed to 0/1 btw?
But, since you've mentioned different architectures, maybe it's the
good moment to find out why you and/or Linux doesn't seem to use
something like CHAR_BIT instead of this 8?
Thanks,
Jarek P.
prev parent reply other threads:[~2007-12-20 7:53 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-12-20 4:29 [IPSEC]: Avoid undefined shift operation when testing algorithm ID Herbert Xu
2007-12-20 7:44 ` David Miller
2007-12-20 7:58 ` Jarek Poplawski [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20071220075857.GA1924@ff.dom.local \
--to=jarkao2@gmail.com \
--cc=davem@davemloft.net \
--cc=herbert@gondor.apana.org.au \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).