1. 28 Jul, 2020 1 commit
    • Sabrina Dubroca's avatar
      xfrm: esp6: fix the location of the transport header with encapsulation · d5dba137
      Sabrina Dubroca authored
      commit 17175d1a ("xfrm: esp6: fix encapsulation header offset
      computation") changed esp6_input_done2 to correctly find the size of
      the IPv6 header that precedes the TCP/UDP encapsulation header, but
      didn't adjust the final call to skb_set_transport_header, which I
      assumed was correct in using skb_network_header_len.
      
      Xiumei Mu reported that when we create xfrm states that include port
      numbers in the selector, traffic from the user sockets is dropped. It
      turns out that we get a state mismatch in __xfrm_policy_check, because
      we end up trying to compare the encapsulation header's ports with the
      selector that's based on user traffic ports.
      
      Fixes: 0146dca7 ("xfrm: add support for UDPv6 encapsulation of ESP")
      Fixes: 26333c37 ("xfrm: add IPv6 support for espintcp")
      Reported-by: default avatarXiumei Mu <xmu@redhat.com>
      Signed-off-by: default avatarSabrina Dubroca <sd@queasysnail.net>
      Signed-off-by: default avatarSteffen Klassert <steffen.klassert@secunet.com>
      d5dba137
  2. 22 Jul, 2020 1 commit
    • Mark Salyzyn's avatar
      af_key: pfkey_dump needs parameter validation · 37bd2242
      Mark Salyzyn authored
      In pfkey_dump() dplen and splen can both be specified to access the
      xfrm_address_t structure out of bounds in__xfrm_state_filter_match()
      when it calls addr_match() with the indexes.  Return EINVAL if either
      are out of range.
      Signed-off-by: default avatarMark Salyzyn <salyzyn@android.com>
      Cc: netdev@vger.kernel.org
      Cc: linux-kernel@vger.kernel.org
      Cc: kernel-team@android.com
      Cc: Steffen Klassert <steffen.klassert@secunet.com>
      Cc: Herbert Xu <herbert@gondor.apana.org.au>
      Cc: "David S. Miller" <davem@davemloft.net>
      Cc: Jakub Kicinski <kuba@kernel.org>
      Fixes: 1da177e4 ("Linux-2.6.12-rc2")
      Signed-off-by: default avatarSteffen Klassert <steffen.klassert@secunet.com>
      37bd2242
  3. 21 Jul, 2020 2 commits
    • Steffen Klassert's avatar
      xfrm: Fix crash when the hold queue is used. · 101dde42
      Steffen Klassert authored
      The commits "xfrm: Move dst->path into struct xfrm_dst"
      and "net: Create and use new helper xfrm_dst_child()."
      changed xfrm bundle handling under the assumption
      that xdst->path and dst->child are not a NULL pointer
      only if dst->xfrm is not a NULL pointer. That is true
      with one exception. If the xfrm hold queue is used
      to wait until a SA is installed by the key manager,
      we create a dummy bundle without a valid dst->xfrm
      pointer. The current xfrm bundle handling crashes
      in that case. Fix this by extending the NULL check
      of dst->xfrm with a test of the DST_XFRM_QUEUE flag.
      
      Fixes: 0f6c480f ("xfrm: Move dst->path into struct xfrm_dst")
      Fixes: b92cf4aa ("net: Create and use new helper xfrm_dst_child().")
      Signed-off-by: default avatarSteffen Klassert <steffen.klassert@secunet.com>
      101dde42
    • Steffen Klassert's avatar
      Merge remote-tracking branch 'origin/testing' · 0a266f89
      Steffen Klassert authored
      Sabrina Dubroca says:
      
      ====================
      xfrm: a few fixes for espintc
      
      Andrew Cagney reported some issues when trying to use async operations
      on the encapsulation socket. Patches 1 and 2 take care of these bugs.
      
      In addition, I missed a spot when adding IPv6 support and converting
      to the common config option.
      ====================
      Signed-off-by: default avatarSteffen Klassert <steffen.klassert@secunet.com>
      0a266f89
  4. 17 Jul, 2020 3 commits
  5. 07 Jul, 2020 1 commit
  6. 24 Jun, 2020 11 commits
  7. 23 Jun, 2020 21 commits