On 12/31/2015 10:34 PM, Alexis D...t wrote:
> If a 32 bits l2tpv3 frame cookie MSB if set to 1, the cast to uint64_t
> cookie will
> spread 1 to the four most significant bytes.
> Then the condition (cookie != s->rx_cookie) becomes false.
>
> Signed-off-by: Alexis Dambricourt <alexis.dambrico...@gmail.com>
> ---
> net/l2tpv3.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/net/l2tpv3.c b/net/l2tpv3.c
> index 8e68e54..21d6119 100644
> --- a/net/l2tpv3.c
> +++ b/net/l2tpv3.c
> @@ -325,7 +325,7 @@ static int l2tpv3_verify_header(NetL2TPV3State *s,
> uint8_t *buf)
> if (s->cookie_is_64) {
> cookie = ldq_be_p(buf + s->cookie_offset);
> } else {
> - cookie = ldl_be_p(buf + s->cookie_offset);
> + cookie = ldl_be_p(buf + s->cookie_offset) & 0xffffffffULL;
> }
> if (cookie != s->rx_cookie) {
> if (!s->header_mismatch) {
Hi:
Patch looks good. But it fails to be applied cleanly:
Applying: l2tpv3: fix cookie decoding
fatal: corrupt patch at line 10
Patch failed at 0001 l2tpv3: fix cookie decoding
It's suggested to use git-foramt-patch(1) and git-send-email(1) to
format and send patches.
