    Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec · ee0b6f48
    David S. Miller authored
    Steffen Klassert says:
    
    ====================
    pull request (net): ipsec 2018-10-01
    
    1) Validate address prefix lengths in the xfrm selector,
       otherwise we may hit undefined behaviour in the
       address matching functions if the prefix is too
       big for the given address family.
    
    2) Fix skb leak on local message size errors.
       From Thadeu Lima de Souza Cascardo.
    
    3) We currently reset the transport header back to the network
       header after a transport mode transformation is applied. This
       leads to an incorrect transport header when multiple transport
       mode transformations are applied. Reset the transport header
       only after all transformations are already applied to fix this.
       From Sowmini Varadhan.
    
    4) We only support one offloaded xfrm, so reset crypto_done after
       the first transformation in xfrm_input(). Otherwise we may call
       the wrong input method for subsequent transformations.
       From Sowmini Varadhan.
    
    5) Fix NULL pointer dereference when skb_dst_force clears the dst_entry.
       skb_dst_force does not really force a dst refcount anymore, it might
       clear it instead. xfrm code did not expect this, add a check to not
       dereference skb_dst() if it was cleared by skb_dst_force.
    
    6) Validate xfrm template mode, otherwise we can get a stack-out-of-bounds
       read in xfrm_state_find. From Sean Tranchetti.
    
    Please pull or let me know if there are problems.
    ====================
    Signed-off-by: David S. Miller <davem@davemloft.net>
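Item 1 of the pull request above, illustrated as an added user-space sketch that is not code from the kernel or from this commit: the prefix length is checked against the address family before an IPv4 prefix comparison whose shift would otherwise be undefined. All `demo_*` names and the sample addresses are constructed for this example.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/socket.h>

/* Hypothetical helper (not a kernel function): widest prefix a family allows. */
static int demo_max_prefixlen(int family)
{
    switch (family) {
    case AF_INET:  return 32;
    case AF_INET6: return 128;
    default:       return -1;   /* unsupported family */
    }
}

/* Validation step: 0 if the prefix fits the family, -1 otherwise. */
int demo_check_prefix(int family, unsigned prefixlen)
{
    int max = demo_max_prefixlen(family);
    return (max >= 0 && prefixlen <= (unsigned)max) ? 0 : -1;
}

/* IPv4 prefix comparison on host-order addresses. Precondition: prefixlen <= 32.
 * For a larger value the shift count (32 - prefixlen) is out of range, and
 * shifting a 32-bit value by 32 or more bits is undefined behaviour in C. */
static int demo_addr4_match(uint32_t a, uint32_t b, unsigned prefixlen)
{
    if (prefixlen == 0)
        return 1;               /* match everything, and avoid a shift by 32 */
    return ((a ^ b) >> (32 - prefixlen)) == 0;
}

/* Validate first, match second. Returns 1 = match, 0 = no match, -1 = rejected. */
int demo_selector_match4(const char *a, const char *b, unsigned prefixlen)
{
    struct in_addr ia, ib;
    if (demo_check_prefix(AF_INET, prefixlen) != 0)
        return -1;
    if (inet_pton(AF_INET, a, &ia) != 1 || inet_pton(AF_INET, b, &ib) != 1)
        return -1;
    return demo_addr4_match(ntohl(ia.s_addr), ntohl(ib.s_addr), prefixlen);
}

int main(void)
{
    const unsigned lens[] = { 24, 32, 33 };   /* constructed sample inputs */
    for (int i = 0; i < 3; i++)
        printf("/%u -> %d\n", lens[i], demo_selector_match4("10.0.0.1", "10.0.0.200", lens[i]));
    return 0;
}
```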
xfrm_input.c 12.7 KB