From mboxrd@z Thu Jan 1 00:00:00 1970 From: Steffen Klassert Subject: pull request (net): ipsec 2018-05-31 Date: Thu, 31 May 2018 12:23:24 +0200 Message-ID: <20180531102326.5728-1-steffen.klassert@secunet.com> Mime-Version: 1.0 Content-Type: text/plain Cc: Herbert Xu , Steffen Klassert , To: David Miller Return-path: Received: from a.mx.secunet.com ([62.96.220.36]:48408 "EHLO a.mx.secunet.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754457AbeEaKXa (ORCPT ); Thu, 31 May 2018 06:23:30 -0400 Sender: netdev-owner@vger.kernel.org List-ID: 1) Avoid possible overflow of the offset variable in _decode_session6(), this fixes an infinite lookp there. From Eric Dumazet. 2) We may use an error pointer in the error path of xfrm_bundle_create(). Fix this by returning this pointer directly to the caller. Please pull or let me know if there are problems. Thanks! The following changes since commit 2c5d5b13c6eb79f5677e206b8aad59b3a2097f60: llc: better deal with too small mtu (2018-05-08 00:11:40 -0400) are available in the git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec.git master for you to fetch changes up to 38369f54d97dd7dc50c73a2797bfeb53c2e87d2d: xfrm Fix potential error pointer dereference in xfrm_bundle_create. (2018-05-31 09:53:04 +0200) ---------------------------------------------------------------- Eric Dumazet (1): xfrm6: avoid potential infinite loop in _decode_session6() Steffen Klassert (1): xfrm Fix potential error pointer dereference in xfrm_bundle_create. net/ipv6/xfrm6_policy.c | 2 +- net/xfrm/xfrm_policy.c | 5 ++--- 2 files changed, 3 insertions(+), 4 deletions(-)