ipsec: fix integer overflow

Type: fix Coverity issue: 394440 Change-Id: I915a088145ee1317a7c8746b517f4af50323aa11 Signed-off-by: Fan Zhang <fanzhang.oss@gmail.com>
author: Fan Zhang <fanzhang.oss@gmail.com> 2024-07-17 16:08:12 +0100
committer: Matthew Smith <mgsmith@netgate.com> 2024-07-19 12:24:22 +0000
commit: b753554e25d59e684288c03af261bb690e4b0a66 (patch)
tree: b675a6f560a3a287bce417f86fa13be9eac9aec9 /src/vnet
parent: 6ce5d5bcbbcd8c633c8ef0969d8501c73eb5f3b4 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/src/vnet/ipsec/ipsec_sa.h b/src/vnet/ipsec/ipsec_sa.h
index 4f73f1eab0f..640d9288a42 100644
--- a/src/vnet/ipsec/ipsec_sa.h
+++ b/src/vnet/ipsec/ipsec_sa.h
@@ -486,7 +486,7 @@ ipsec_sa_anti_replay_and_sn_advance (const ipsec_sa_t *sa, u32 seq,
       return 0;
     }
 
-  if (PREDICT_TRUE (sa->seq >= window_size - 1))
+  if (PREDICT_TRUE (window_size > 0 && sa->seq >= window_size - 1))
     {
       /*
        * the last sequence number VPP received is more than one
author	Fan Zhang <fanzhang.oss@gmail.com>	2024-07-17 16:08:12 +0100
committer	Matthew Smith <mgsmith@netgate.com>	2024-07-19 12:24:22 +0000
commit	b753554e25d59e684288c03af261bb690e4b0a66 (patch)
tree	b675a6f560a3a287bce417f86fa13be9eac9aec9 /src/vnet
parent	6ce5d5bcbbcd8c633c8ef0969d8501c73eb5f3b4 (diff)