Diffstat (limited to '0007-rx-update_nextCid-overflow-handling-is-broken.patch')
-rw-r--r-- | 0007-rx-update_nextCid-overflow-handling-is-broken.patch | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/0007-rx-update_nextCid-overflow-handling-is-broken.patch b/0007-rx-update_nextCid-overflow-handling-is-broken.patch new file mode 100644 index 000000000000..d5a351f9a1f8 --- /dev/null +++ b/0007-rx-update_nextCid-overflow-handling-is-broken.patch @@ -0,0 +1,52 @@ +From 99e01a0237ea3af6bf859ceeb2f53ed0755c75dd Mon Sep 17 00:00:00 2001 +From: Jeffrey Altman <jaltman@auristor.com> +Date: Thu, 14 Jan 2021 09:57:13 -0500 +Subject: [PATCH 7/7] rx: update_nextCid overflow handling is broken + +The overflow handling in update_nextCid() produces a rx_nextCid +value of 0x80000001 which itself is an overflow. When used +to construct the first call of a new connection the connection +id for the call becomes 0x80000002. + +If the same connection id is used for multiple connections from +the same endpoint the accepting rx peer will be very confused. + +When authenticated connections are used, the CHALLENGE/RESPONSE +will fail because of a mismatch in the connection's callNumber +array. + +All communication from a broken initiator to any rx peer will +fail. + +The incorrect overflow calculation was introduced by +39b165cdda941181845022c183fea1c7af7e4356 ("Move epoch and cid +generation into the rx core"). + +This change corrects the overflow value to become + + 1 << RX_CIDSHIFT + +Change-Id: If36e3aa581d557cc0f4d2d478f84a6593224c3cc +--- + src/rx/rx.c | 5 ++--- + 1 file changed, 2 insertions(+), 3 deletions(-) + +diff --git a/src/rx/rx.c b/src/rx/rx.c +index e1e6d8fd6..5d5953120 100644 +--- a/src/rx/rx.c ++++ b/src/rx/rx.c +@@ -6651,9 +6651,8 @@ update_nextCid(void) + { + /* Overflow is technically undefined behavior; avoid it. */ + if (rx_nextCid > MAX_AFS_INT32 - (1 << RX_CIDSHIFT)) +- rx_nextCid = -1 * ((MAX_AFS_INT32 / RX_CIDSHIFT) * RX_CIDSHIFT); +- else +- rx_nextCid += 1 << RX_CIDSHIFT; ++ rx_nextCid = 0; ++ rx_nextCid += 1 << RX_CIDSHIFT; + } + + static void +-- +2.30.0 + |
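Review bot: In the update_nextCid() hunk, the wrap value the commit message promises (1 << RX_CIDSHIFT) is only reached indirectly, by setting `rx_nextCid = 0;` under an unbraced `if` and then falling through to the now-unconditional `rx_nextCid += 1 << RX_CIDSHIFT;`. Writing the wrap branch as a direct assignment of `1 << RX_CIDSHIFT` with the increment kept in an `else`, or bracing the `if`, would make the intended post-wrap value obvious at a glance, and the retained comment "Overflow is technically undefined behavior; avoid it." should state that value as well. The commit message notes that reusing a connection id from the same endpoint confuses the accepting peer, so the comment or message should also say why restarting the sequence at the first cid is safe for connections still open from before the wrap; nothing in the visible lines addresses that.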