From f04696e7451f787112e35ac184ff5057f45269eb Mon Sep 17 00:00:00 2001
From: Matthias Schiffer
Date: Fri, 29 Nov 2013 06:01:32 +0100
Subject: Reorder check: avoid undefined behaviour due to negative or to long shifts
---
 src/config.c | 1 -
 src/fastd.h | 1 -
 src/methods/common.c | 13 ++++++++++---
 3 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/src/config.c b/src/config.c
index 8f68b41..ed4a8d7 100644
--- a/src/config.c
+++ b/src/config.c
@@ -54,7 +54,6 @@ static void default_config(fastd_config_t *conf) {
 conf->peer_stale_time = 90;
 conf->eth_addr_stale_time = 300;
- conf->reorder_count = 64;
 conf->reorder_time = 10;
 conf->min_handshake_interval = 15;
diff --git a/src/fastd.h b/src/fastd.h
index 8ea5027..e513a1d 100644
--- a/src/fastd.h
+++ b/src/fastd.h
@@ -178,7 +178,6 @@ struct fastd_config {
 unsigned peer_stale_time;
 unsigned eth_addr_stale_time;
- unsigned reorder_count;
 unsigned reorder_time;
 unsigned min_handshake_interval;
diff --git a/src/methods/common.c b/src/methods/common.c
index 7c67253..9308332 100644
--- a/src/methods/common.c
+++ b/src/methods/common.c
@@ -63,7 +63,7 @@ bool fastd_method_is_nonce_valid(fastd_context_t *ctx, const fastd_method_common
 if (timespec_diff(&ctx->now, &session->receive_last) > (int)ctx->conf->reorder_time*1000)
 return false;
- if (*age > ctx->conf->reorder_count)
+ if (*age > 64)
 return false;
 }
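Review bot: The literal `64` in `if (*age > 64)` is now a magic number that has to stay in step with the `64`/`63` bounds added to fastd_method_reorder_check in the next hunk, and presumably with the bit width of `receive_reorder_seen` (its declaration is not part of this diff). Since this bound decides how old a nonce may be and still be accepted, a mismatch between the two functions would let the acceptance check and the seen-bitmap disagree about the replay window. A shared named constant, for example `#define REORDER_WINDOW_BITS 64` (name constructed for illustration) with the comment `/* reorder window size; must equal the bit width of receive_reorder_seen */`, would make that coupling explicit. fastd_method_is_nonce_valid starts and ends outside the hunk.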
@@ -72,8 +72,15 @@ bool fastd_method_is_nonce_valid(fastd_context_t *ctx, const fastd_method_common
 bool fastd_method_reorder_check(fastd_context_t *ctx, fastd_peer_t *peer, fastd_method_common_t *session, const uint8_t nonce[COMMON_NONCEBYTES], int64_t age) {
 if (age < 0) {
- session->receive_reorder_seen >>= age;
- session->receive_reorder_seen |= (1 >> (age+1));
+ size_t shift = age < (-64) ? 64 : ((size_t)-age);
+
+ if (shift > 63)
+ session->receive_reorder_seen = 0;
+ else
+ session->receive_reorder_seen <<= shift;
+
+ session->receive_reorder_seen |= (1 << (shift-1));
+
 memcpy(session->receive_nonce, nonce, COMMON_NONCEBYTES);
 session->receive_last = ctx->now;
 return true;
-- cgit v1.2.3
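Review bot: The added `session->receive_reorder_seen |= (1 << (shift-1));` still shifts the plain `int` constant `1`, and `shift-1` can reach 63 here, so any value of 31 or more is still an undefined shift, the same class of bug this commit sets out to remove. Widening the operand first, `session->receive_reorder_seen |= ((uint64_t)1 << (shift-1));`, keeps the bit inside the window, assuming the field is a 64-bit unsigned integer (its declaration is not visible in this diff). Because this bitmap records which nonces have already been seen, a misplaced bit could leave the previously received nonce unmarked and weaken the replay check, so the case `age <= -32` deserves a unit test. The function body continues outside the hunk.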