diff options
| author |   Fan Zhang <fanzhang.oss@gmail.com> | 2024-07-17 16:08:12 +0100 |
|---|---|---|
| committer |   Matthew Smith <mgsmith@netgate.com> | 2024-07-19 12:24:22 +0000 |
| commit | b753554e25d59e684288c03af261bb690e4b0a66 (patch) | |
| tree | b675a6f560a3a287bce417f86fa13be9eac9aec9 | |
| parent | 6ce5d5bcbbcd8c633c8ef0969d8501c73eb5f3b4 (diff) | |
ipsec: fix integer overflow
Type: fix
Coverity issue: 394440
Change-Id: I915a088145ee1317a7c8746b517f4af50323aa11
Signed-off-by: Fan Zhang <fanzhang.oss@gmail.com>
| -rw-r--r-- | src/vnet/ipsec/ipsec_sa.h | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/vnet/ipsec/ipsec_sa.h b/src/vnet/ipsec/ipsec_sa.h index 4f73f1eab0f..640d9288a42 100644 --- a/src/vnet/ipsec/ipsec_sa.h +++ b/src/vnet/ipsec/ipsec_sa.h @@ -486,7 +486,7 @@ ipsec_sa_anti_replay_and_sn_advance (const ipsec_sa_t *sa, u32 seq, return 0; } - if (PREDICT_TRUE (sa->seq >= window_size - 1)) + if (PREDICT_TRUE (window_size > 0 && sa->seq >= window_size - 1)) { /* * the last sequence number VPP received is more than one |