ipv6: fix overlap check for fragments
authorShan Wei <shanwei@cn.fujitsu.com>
Fri, 5 Nov 2010 01:56:34 +0000 (01:56 +0000)
committerDavid S. Miller <davem@davemloft.net>
Mon, 8 Nov 2010 20:17:06 +0000 (12:17 -0800)
The type of FRAG6_CB(prev)->offset is int, skb->len is *unsigned* int,
and offset is int.

Without this patch, type conversion occurred to this expression, when
(FRAG6_CB(prev)->offset + prev->len) is less than offset.

Signed-off-by: Shan Wei <shanwei@cn.fujitsu.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/ipv6/reassembly.c

index c7ba3149633fcf79160849498d87ae5e53f695b1..0f276645375969054b36aea6c8fcb7a80666921c 100644 (file)
@@ -349,7 +349,7 @@ found:
 
        /* Check for overlap with preceding fragment. */
        if (prev &&
-           (FRAG6_CB(prev)->offset + prev->len) - offset > 0)
+           (FRAG6_CB(prev)->offset + prev->len) > offset)
                goto discard_fq;
 
        /* Look for overlap with succeeding segment. */