| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 22 Dec 2017 10:44:53 +0100
From: Steffen Klassert <steffen.klassert@...unet.com>
To: David Miller <davem@...emloft.net>
CC: Herbert Xu <herbert@...dor.apana.org.au>,
Steffen Klassert <steffen.klassert@...unet.com>,
<netdev@...r.kernel.org>
Subject: pull request (net): ipsec 2017-12-22
1) Check for valid id proto in validate_tmpl(), otherwise
we may trigger a warning in xfrm_state_fini().
From Cong Wang.
2) Fix a typo on XFRMA_OUTPUT_MARK policy attribute.
From Michal Kubecek.
3) Verify the state is valid when encap_type < 0,
otherwise we may crash on IPsec GRO .
From Aviv Heller.
4) Fix stack-out-of-bounds read on socket policy lookup.
We access the flowi of the wrong address family in the
IPv4 mapped IPv6 case, fix this by catching address
family missmatches before we do the lookup.
5) fix xfrm_do_migrate() with AEAD to copy the geniv
field too. Otherwise the state is not fully initialized
and migration fails. From Antony Antony.
6) Fix stack-out-of-bounds with misconfigured transport
mode policies. Our policy template validation is not
strict enough. It is possible to configure policies
with transport mode template where the address family
of the template does not match the selectors address
family. Fix this by refusing such a configuration,
address family can not change on transport mode.
7) Fix a policy reference leak when reusing pcpu xdst
entry. From Florian Westphal.
8) Reinject transport-mode packets through tasklet,
otherwise it is possible to reate a recursion
loop. From Herbert Xu.
Please pull or let me know if there are problems.
Thanks!
The following changes since commit d51aae68b142f48232257e96ce317db25445418d:
net: sched: cbq: create block for q->link.block (2017-11-28 16:04:26 -0500)
are available in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec.git master
for you to fetch changes up to acf568ee859f098279eadf551612f103afdacb4e:
xfrm: Reinject transport-mode packets through tasklet (2017-12-19 08:23:21 +0100)
----------------------------------------------------------------
Antony Antony (1):
xfrm: fix xfrm_do_migrate() with AEAD e.g(AES-GCM)
Aviv Heller (1):
xfrm: Fix xfrm_input() to verify state is valid when (encap_type < 0)
Cong Wang (1):
xfrm: check id proto in validate_tmpl()
Florian Westphal (1):
xfrm: put policies when reusing pcpu xdst entry
Herbert Xu (1):
xfrm: Reinject transport-mode packets through tasklet
Michal Kubecek (1):
xfrm: fix XFRMA_OUTPUT_MARK policy entry
Steffen Klassert (2):
xfrm: Fix stack-out-of-bounds read on socket policy lookup.
xfrm: Fix stack-out-of-bounds with misconfigured transport mode policies.
include/net/xfrm.h | 3 +++
net/ipv4/xfrm4_input.c | 12 ++++++++-
net/ipv6/xfrm6_input.c | 10 +++++++-
net/xfrm/xfrm_input.c | 69 +++++++++++++++++++++++++++++++++++++++++++++++++-
net/xfrm/xfrm_policy.c | 9 ++++++-
net/xfrm/xfrm_state.c | 1 +
net/xfrm/xfrm_user.c | 26 ++++++++++++++++++-
7 files changed, 125 insertions(+), 5 deletions(-)
Powered by blists - more mailing lists