From: Greg KH <gregkh@suse.de>
To: linux-kernel@vger.kernel.org, stable@kernel.org
Cc: Justin Forbes <jmforbes@linuxtx.org>,
Zwane Mwaikambo <zwane@arm.linux.org.uk>,
"Theodore Ts'o" <tytso@mit.edu>,
Randy Dunlap <rdunlap@xenotime.net>,
Dave Jones <davej@redhat.com>,
Chuck Wolber <chuckw@quantumlinux.com>,
Chris Wedgwood <reviews@ml.cw.f00f.org>,
Michael Krufky <mkrufky@linuxtv.org>,
Chuck Ebbert <cebbert@redhat.com>,
torvalds@linux-foundation.org, akpm@linux-foundation.org,
alan@lxorguk.ukuu.org.uk, bunk@stusta.de,
Herbert Xu <herbert@gondor.apana.org.au>,
"David S. Miller" <davem@davemloft.net>
Subject: [patch 18/31] Fix IPSEC replay window handling
Date: Wed, 11 Apr 2007 15:52:19 -0700 [thread overview]
Message-ID: <20070411225219.GS24814@kroah.com> (raw)
In-Reply-To: <20070411225100.GA24814@kroah.com>
[-- Attachment #1: fix-ipsec-replay-window-handling.patch --]
[-- Type: text/plain, Size: 1101 bytes --]
-stable review patch. If anyone has any objections, please let us know.
------------------
From: Herbert Xu <herbert@gondor.apana.org.au>
[IPSEC]: Reject packets within replay window but outside the bit mask
Up until this point we've accepted replay window settings greater than
32 but our bit mask can only accomodate 32 packets. Thus any packet
with a sequence number within the window but outside the bit mask would
be accepted.
This patch causes those packets to be rejected instead.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
net/xfrm/xfrm_state.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -1220,7 +1220,8 @@ int xfrm_replay_check(struct xfrm_state
return 0;
diff = x->replay.seq - seq;
- if (diff >= x->props.replay_window) {
+ if (diff >= min_t(unsigned int, x->props.replay_window,
+ sizeof(x->replay.bitmap) * 8)) {
x->stats.replay_window++;
return -EINVAL;
}
--
next prev parent reply other threads:[~2007-04-11 23:01 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20070411224329.866978349@mini.kroah.org>
2007-04-11 22:51 ` [patch 00/31] [00/@num@] -stable review Greg KH
2007-04-11 22:51 ` [patch 01/31] kbuild: fix dependency generation Greg KH
2007-04-11 22:51 ` [patch 02/31] i386: fix file_read_actor() and pipe_read() for original i386 systems Greg KH
2007-04-11 22:51 ` [patch 03/31] sky2: reliable recovery Greg KH
2007-04-11 22:51 ` [patch 04/31] skge: turn carrier off when down Greg KH
2007-04-11 22:51 ` [patch 05/31] sky2: " Greg KH
2007-04-11 22:51 ` [patch 06/31] sky2: turn on clocks when doing resume Greg KH
2007-04-11 22:51 ` [patch 07/31] sky2: phy workarounds for Yukon EC-U A1 Greg KH
2007-04-11 22:51 ` [patch 08/31] DVB: tda10086: fix DiSEqC message length Greg KH
2007-04-11 22:51 ` [patch 09/31] DVB: pluto2: fix incorrect TSCR register setting Greg KH
2007-04-11 22:51 ` [patch 10/31] HID: Do not discard truncated input reports Greg KH
2007-04-11 22:51 ` [patch 11/31] Fix calculation for size of filemap_attr array in md/bitmap Greg KH
2007-04-11 22:51 ` [patch 12/31] 8139too: RTNL and flush_scheduled_work deadlock Greg KH
2007-04-11 22:51 ` [patch 13/31] NETFILTER: ipt_CLUSTERIP: fix oops in checkentry function Greg KH
2007-04-11 22:52 ` [patch 14/31] Fix IFB net driver input device crashes Greg KH
2007-04-11 22:52 ` [patch 15/31] Fix length validation in rawv6_sendmsg() Greg KH
2007-04-11 22:52 ` [patch 16/31] Fix scsi sense handling Greg KH
2007-04-11 22:52 ` [patch 17/31] Fix TCP receiver side SWS handling Greg KH
2007-04-11 22:52 ` Greg KH [this message]
2007-04-11 22:52 ` [patch 19/31] Fix tcindex classifier ABI borkage Greg KH
2007-04-11 22:52 ` [patch 20/31] Fix TCP slow_start_after_idle sysctl Greg KH
2007-04-11 22:52 ` [patch 21/31] ide: use correct IDE error recovery Greg KH
2007-04-11 22:52 ` [patch 22/31] knfsd: allow nfsd READDIR to return 64bit cookies Greg KH
2007-04-11 22:52 ` [patch 23/31] softmac: avoid assert in ieee80211softmac_wx_get_rate Greg KH
2007-04-11 22:52 ` [patch 24/31] libata bugfix: preserve LBA bit for HDIO_DRIVE_TASK Greg KH
2007-04-11 22:52 ` [patch 25/31] ahci.c: walkaround for SB600 SATA internal error issue Greg KH
2007-04-11 22:52 ` [patch 26/31] fix lba48 bug in libata fill_result_tf() Greg KH
2007-04-11 22:52 ` [patch 27/31] libata: Clear tf before doing request sense (take 3) Greg KH
2007-04-11 22:52 ` [patch 28/31] revert "retries in ext3_prepare_write() violate ordering requirements" Greg KH
2007-04-11 22:52 ` [patch 29/31] revert "retries in ext4_prepare_write() " Greg KH
2007-04-11 22:53 ` [patch 30/31] fix page leak during core dump Greg KH
2007-04-11 22:53 ` [patch 31/31] Update libata drive blacklist to the latest from 2.6.21 Greg KH
2007-04-12 6:14 ` [patch 00/31] [00/@num@] -stable review Greg KH
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20070411225219.GS24814@kroah.com \
--to=gregkh@suse.de \
--cc=akpm@linux-foundation.org \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=bunk@stusta.de \
--cc=cebbert@redhat.com \
--cc=chuckw@quantumlinux.com \
--cc=davej@redhat.com \
--cc=davem@davemloft.net \
--cc=herbert@gondor.apana.org.au \
--cc=jmforbes@linuxtx.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mkrufky@linuxtv.org \
--cc=rdunlap@xenotime.net \
--cc=reviews@ml.cw.f00f.org \
--cc=stable@kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=tytso@mit.edu \
--cc=zwane@arm.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox