From: Nicolas Dichtel <nicolas.dichtel@6wind.com>
To: Steffen Klassert <steffen.klassert@secunet.com>,
David Miller <davem@davemloft.net>
Cc: herbert@gondor.apana.org.au, robsonde@gmail.com, netdev@vger.kernel.org
Subject: Re: [PATCH 2/2] Revert "xfrm: Fix stack-out-of-bounds read in xfrm_state_find."
Date: Fri, 5 Jan 2018 17:12:59 +0100 [thread overview]
Message-ID: <35230e77-dbda-1e2b-6396-41afbbaf1557@6wind.com> (raw)
In-Reply-To: <20171223160938.rmfwopbmeyepndh5@gauss3.secunet.de>
Le 23/12/2017 à 17:09, Steffen Klassert a écrit :
> On Sat, Dec 23, 2017 at 10:56:12AM -0500, David Miller wrote:
>> From: Steffen Klassert <steffen.klassert@secunet.com>
>> Date: Sat, 23 Dec 2017 10:22:17 +0100
>>
>>> On Thu, Nov 16, 2017 at 11:00:40AM +0100, Steffen Klassert wrote:
>>>> This reverts commit c9f3f813d462c72dbe412cee6a5cbacf13c4ad5e.
>>>>
>>>> This commit breaks transport mode when the policy template
>>>> has widlcard addresses configured, so revert it.
>>>>
>>>> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
>>>
>>> David, can you please queue this one up for v4.14-stable?
>>> Commit ID is 94802151894d482e82c324edf2c658f8e6b96508
>>>
>>> v4.14 is unusable for some people without this revert.
>>
>> Yes, but it adds back the stack out-of-bounds bug.
>>
>> If I queue up the revert, I would also need to queue up whatever
>> follow-on you used to fix the out-of-bounds bug properly. Which
>> commit is that?
>
> This is commit ddc47e4404b58f03e98345398fb12d38fe291512
> ("xfrm: Fix stack-out-of-bounds read on socket policy lookup.")
>
> It is included in the pull request for the net tree that
> I sent yesterday. The patch looks save, but not so sure
> if it should go directly to stable. These bugs reported by
> the syzbot are usually quite subtile and I already broke
> something when I tried to fix the original stack out-of-bounds
> bug. So maybe we should wait until the v4.15 release before
> backporting...
>
This patch is still missing in the 4.14 stable. Without it, some IPsec scenarii
are broken. Is there a plan to queue this patch for the 4.14 stable ?
Thank you,
Nicolas
next prev parent reply other threads:[~2018-01-05 16:13 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-11-16 10:00 pull request (net): ipsec 2017-11-16 Steffen Klassert
2017-11-16 10:00 ` [PATCH 1/2] xfrm: Copy policy family in clone_policy Steffen Klassert
2017-11-16 10:00 ` [PATCH 2/2] Revert "xfrm: Fix stack-out-of-bounds read in xfrm_state_find." Steffen Klassert
2017-12-23 9:22 ` Steffen Klassert
2017-12-23 15:56 ` David Miller
2017-12-23 16:09 ` Steffen Klassert
2017-12-23 18:10 ` robsonde
2018-01-05 16:12 ` Nicolas Dichtel [this message]
2018-01-05 17:17 ` David Miller
2018-01-08 16:06 ` Nicolas Dichtel
2017-11-16 13:34 ` pull request (net): ipsec 2017-11-16 David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=35230e77-dbda-1e2b-6396-41afbbaf1557@6wind.com \
--to=nicolas.dichtel@6wind.com \
--cc=davem@davemloft.net \
--cc=herbert@gondor.apana.org.au \
--cc=netdev@vger.kernel.org \
--cc=robsonde@gmail.com \
--cc=steffen.klassert@secunet.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox