From: David Miller <davem@davemloft.net>
To: steffen.klassert@secunet.com
Cc: herbert@gondor.apana.org.au, netdev@vger.kernel.org
Subject: Re: pull request (net): ipsec 2018-10-01
Date: Mon, 01 Oct 2018 22:29:45 -0700 (PDT) [thread overview]
Message-ID: <20181001.222945.302521963297826599.davem@davemloft.net> (raw)
In-Reply-To: <20181001085855.12057-1-steffen.klassert@secunet.com>
From: Steffen Klassert <steffen.klassert@secunet.com>
Date: Mon, 1 Oct 2018 10:58:49 +0200
> 1) Validate address prefix lengths in the xfrm selector,
> otherwise we may hit undefined behaviour in the
> address matching functions if the prefix is too
> big for the given address family.
>
> 2) Fix skb leak on local message size errors.
> From Thadeu Lima de Souza Cascardo.
>
> 3) We currently reset the transport header back to the network
> header after a transport mode transformation is applied. This
> leads to an incorrect transport header when multiple transport
> mode transformations are applied. Reset the transport header
> only after all transformations are already applied to fix this.
> From Sowmini Varadhan.
>
> 4) We only support one offloaded xfrm, so reset crypto_done after
> the first transformation in xfrm_input(). Otherwise we may call
> the wrong input method for subsequent transformations.
> From Sowmini Varadhan.
>
> 5) Fix NULL pointer dereference when skb_dst_force clears the dst_entry.
> skb_dst_force does not really force a dst refcount anymore, it might
> clear it instead. xfrm code did not expect this, add a check to not
> dereference skb_dst() if it was cleared by skb_dst_force.
>
> 6) Validate xfrm template mode, otherwise we can get a stack-out-of-bounds
> read in xfrm_state_find. From Sean Tranchetti.
>
> Please pull or let me know if there are problems.
Pulled, thanks!
prev parent reply other threads:[~2018-10-02 12:11 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-10-01 8:58 pull request (net): ipsec 2018-10-01 Steffen Klassert
2018-10-01 8:58 ` [PATCH 1/6] xfrm: Validate address prefix lengths in the xfrm selector Steffen Klassert
2018-10-01 8:58 ` [PATCH 2/6] xfrm6: call kfree_skb when skb is toobig Steffen Klassert
2018-10-01 8:58 ` [PATCH 3/6] xfrm: reset transport header back to network header after all input transforms ahave been applied Steffen Klassert
2018-10-01 8:58 ` [PATCH 4/6] xfrm: reset crypto_done when iterating over multiple input xfrms Steffen Klassert
2018-10-01 8:58 ` [PATCH 5/6] xfrm: Fix NULL pointer dereference when skb_dst_force clears the dst_entry Steffen Klassert
2018-10-01 11:29 ` Sergei Shtylyov
2018-10-01 8:58 ` [PATCH 6/6] xfrm: validate template mode Steffen Klassert
2018-10-02 5:29 ` David Miller [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181001.222945.302521963297826599.davem@davemloft.net \
--to=davem@davemloft.net \
--cc=herbert@gondor.apana.org.au \
--cc=netdev@vger.kernel.org \
--cc=steffen.klassert@secunet.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox