From e001cc2b077d014d2e5c0b966bea3125d3e70342 Mon Sep 17 00:00:00 2001
From: Tobias Brunner
Date: Wed, 21 Aug 2013 08:28:12 +0200
Subject: kernel-netlink: Fix calculation of ESN bitmap length

While bmp_len stores the number of u_int32_t the allocated bitmap actually consists of those integers.
---
 .../plugins/kernel_netlink/kernel_netlink_ipsec.c | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

(limited to 'src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c')

diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
index b34fa149c..83f93ec68 100644
--- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
+++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
@@ -627,6 +627,14 @@ static inline u_int32_t get_priority(policy_entry_t *policy,
 return priority;
 }
 
+/**
+ * Return the length of the ESN bitmap
+ */
+static inline size_t esn_bmp_len(private_kernel_netlink_ipsec_t *this)
+{
+ return this->replay_bmp * sizeof(u_int32_t);
+}
+
 /**
  * Convert the general ipsec mode to the one defined in xfrm.h
  */
@@ -1454,7 +1462,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
 struct xfrm_replay_state_esn *replay;
 
 replay = netlink_reserve(hdr, sizeof(request), XFRMA_REPLAY_ESN_VAL,
- sizeof(*replay) + (this->replay_window + 7) / 8);
+ sizeof(*replay) + esn_bmp_len(this));
 if (!replay)
 {
 goto failed;
@@ -1585,7 +1593,7 @@ static void get_replay_state(private_kernel_netlink_ipsec_t *this,
 break;
 }
 if (rta->rta_type == XFRMA_REPLAY_ESN_VAL &&
- RTA_PAYLOAD(rta) >= sizeof(**replay_esn) + this->replay_bmp)
+ RTA_PAYLOAD(rta) >= sizeof(**replay_esn) + esn_bmp_len(this))
 {
 *replay_esn = malloc(RTA_PAYLOAD(rta));
 memcpy(*replay_esn, RTA_DATA(rta), RTA_PAYLOAD(rta));
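Review bot: The doc comment on the new `esn_bmp_len()` helper (first hunk, `@@ -627,6 +627,14 @@`) says "length" without a unit, although the whole fix is about the difference between a count of `u_int32_t` words and a count of bytes. I would state it explicitly, for example `Return the size of the ESN replay bitmap in bytes (replay_bmp is a count of u_int32_t words)`. The result is used as a netlink attribute size and as a `memcpy` length in the later hunks, so the comment could also say where `replay_bmp` is bounded; where it is set is not visible in this diff.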
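Review bot: In the `get_replay_state()` hunk (`@@ -1585,7 +1593,7 @@`) the result of `malloc(RTA_PAYLOAD(rta))` is passed straight to `memcpy()` with no NULL check, so an allocation failure would become a write through a NULL pointer. These are context lines the commit leaves unchanged, but they sit directly behind the corrected length check and are worth hardening in the same pass, for example `if (*replay_esn) { memcpy(*replay_esn, RTA_DATA(rta), RTA_PAYLOAD(rta)); }`. The corrected `RTA_PAYLOAD(rta) >= sizeof(**replay_esn) + esn_bmp_len(this)` test is also what bounds the later copy in `update_sa`, which deserves a short comment here. The function body starts and ends outside the hunk, so the project may handle allocation failure elsewhere.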
@@ -1903,12 +1911,12 @@ METHOD(kernel_ipsec_t, update_sa, status_t,
 struct xfrm_replay_state_esn *state;
 
 state = netlink_reserve(hdr, sizeof(request), XFRMA_REPLAY_ESN_VAL,
- sizeof(*state) + this->replay_bmp);
+ sizeof(*state) + esn_bmp_len(this));
 if (!state)
 {
 goto failed;
 }
- memcpy(state, replay_esn, sizeof(*state) + this->replay_bmp);
+ memcpy(state, replay_esn, sizeof(*state) + esn_bmp_len(this));
 }
 else if (replay)
 {
-- cgit v1.2.3
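Review bot: The `memcpy` in `update_sa` reads `sizeof(*state) + esn_bmp_len(this)` bytes from `replay_esn`, but nothing in this hunk shows that the source buffer is that large. The bound comes from the `RTA_PAYLOAD(rta) >=` check in `get_replay_state()`, which this commit switches to the same helper; a comment such as `/* get_replay_state() only returns replay_esn if it holds at least this many bytes */` would record that dependency. The size expression is also written twice, so a local like `size_t len = sizeof(*state) + esn_bmp_len(this);` used for both `netlink_reserve()` and `memcpy()` would keep the reserved and copied lengths in lockstep. The enclosing block starts and ends outside the hunk.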