From: Steffen Klassert <steffen.klassert@secunet.com>
To: David Miller <davem@davemloft.net>
Cc: Herbert Xu <herbert@gondor.apana.org.au>,
Steffen Klassert <steffen.klassert@secunet.com>,
<netdev@vger.kernel.org>
Subject: pull request (net): ipsec 2017-05-23
Date: Tue, 23 May 2017 07:33:39 +0200 [thread overview]
Message-ID: <1495517624-27096-1-git-send-email-steffen.klassert@secunet.com> (raw)
1) Fix wrong header offset for esp4 udpencap packets.
2) Fix a stack access out of bounds when creating a bundle
with sub policies. From Sabrina Dubroca.
3) Fix slab-out-of-bounds in pfkey due to an incorrect
sadb_x_sec_len calculation.
4) We checked the wrong feature flags when taking down
an interface with IPsec offload enabled.
Fix from Ilan Tayari.
5) Copy the anti replay sequence numbers when doing a state
migration, otherwise we get out of sync with the sequence
numbers. Fix from Antony Antony.
Please pull or let me know if there are problems.
Thanks!
The following changes since commit f411af6822182f84834c4881b825dd40534e7fe8:
Merge branch 'ibmvnic-Updated-reset-handler-andcode-fixes' (2017-05-03 11:33:06 -0400)
are available in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec.git master
for you to fetch changes up to a486cd23661c9387fb076c3f6ae8b2aa9d20d54a:
xfrm: fix state migration copy replay sequence numbers (2017-05-19 12:49:13 +0200)
----------------------------------------------------------------
Antony Antony (1):
xfrm: fix state migration copy replay sequence numbers
Ilan Tayari (1):
xfrm: Fix NETDEV_DOWN with IPSec offload
Sabrina Dubroca (1):
xfrm: fix stack access out of bounds with CONFIG_XFRM_SUB_POLICY
Steffen Klassert (2):
esp4: Fix udpencap for local TCP packets.
af_key: Fix slab-out-of-bounds in pfkey_compile_policy.
include/net/xfrm.h | 10 ----------
net/ipv4/esp4.c | 5 ++++-
net/key/af_key.c | 2 +-
net/xfrm/xfrm_device.c | 2 +-
net/xfrm/xfrm_policy.c | 47 -----------------------------------------------
net/xfrm/xfrm_state.c | 2 ++
6 files changed, 8 insertions(+), 60 deletions(-)
next reply other threads:[~2017-05-23 5:33 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-05-23 5:33 Steffen Klassert [this message]
2017-05-23 5:33 ` [PATCH 1/5] esp4: Fix udpencap for local TCP packets Steffen Klassert
2017-05-23 5:33 ` [PATCH 2/5] xfrm: fix stack access out of bounds with CONFIG_XFRM_SUB_POLICY Steffen Klassert
2017-05-23 5:33 ` [PATCH 3/5] af_key: Fix slab-out-of-bounds in pfkey_compile_policy Steffen Klassert
2017-05-23 5:33 ` [PATCH 4/5] xfrm: Fix NETDEV_DOWN with IPSec offload Steffen Klassert
2017-05-23 5:33 ` [PATCH 5/5] xfrm: fix state migration copy replay sequence numbers Steffen Klassert
2017-05-23 14:54 ` pull request (net): ipsec 2017-05-23 David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1495517624-27096-1-git-send-email-steffen.klassert@secunet.com \
--to=steffen.klassert@secunet.com \
--cc=davem@davemloft.net \
--cc=herbert@gondor.apana.org.au \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.