ipv6: fix overlap check for fragments
Shan Wei [Fri, 5 Nov 2010 01:56:34 +0000 (01:56 +0000)]
The type of FRAG6_CB(prev)->offset is int, skb->len is *unsigned* int,
and offset is int.

Without this patch, type conversion occurred to this expression, when
(FRAG6_CB(prev)->offset + prev->len) is less than offset.

Signed-off-by: Shan Wei <shanwei@cn.fujitsu.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

net/ipv6/reassembly.c

index c7ba314..0f27664 100644 (file)
@@ -349,7 +349,7 @@ found:
 
        /* Check for overlap with preceding fragment. */
        if (prev &&
-           (FRAG6_CB(prev)->offset + prev->len) - offset > 0)
+           (FRAG6_CB(prev)->offset + prev->len) > offset)
                goto discard_fq;
 
        /* Look for overlap with succeeding segment. */