ipsec: fix integer overflow Type: fix Coverity issue: 394440 Change-Id: I915a088145ee1317a7c8746b517f4af50323aa11 Signed-off-by: Fan Zhang <fanzhang.oss@gmail.com>

commit: b753554e25d59e684288c03af261bb690e4b0a66 [log] [tgz]
author: Fan Zhang <fanzhang.oss@gmail.com> Wed Jul 17 16:08:12 2024 +0100
committer: Matthew Smith <mgsmith@netgate.com> Fri Jul 19 12:24:22 2024 +0000
tree: b675a6f560a3a287bce417f86fa13be9eac9aec9
parent: 6ce5d5bcbbcd8c633c8ef0969d8501c73eb5f3b4 [diff] [blame]
diff --git a/src/vnet/ipsec/ipsec_sa.h b/src/vnet/ipsec/ipsec_sa.h
index 4f73f1e..640d928 100644
--- a/src/vnet/ipsec/ipsec_sa.h
+++ b/src/vnet/ipsec/ipsec_sa.h

@@ -486,7 +486,7 @@
       return 0;
     }
 
-  if (PREDICT_TRUE (sa->seq >= window_size - 1))
+  if (PREDICT_TRUE (window_size > 0 && sa->seq >= window_size - 1))
     {
       /*
        * the last sequence number VPP received is more than one
commit	b753554e25d59e684288c03af261bb690e4b0a66	[log] [tgz]
author	Fan Zhang <fanzhang.oss@gmail.com>	Wed Jul 17 16:08:12 2024 +0100
committer	Matthew Smith <mgsmith@netgate.com>	Fri Jul 19 12:24:22 2024 +0000
tree	b675a6f560a3a287bce417f86fa13be9eac9aec9
parent	6ce5d5bcbbcd8c633c8ef0969d8501c73eb5f3b4 [diff] [blame]