Date:   Wed, 27 Dec 2017 11:00:13 -0500 (EST)
From:   David Miller <davem@...emloft.net>
To:     steffen.klassert@...unet.com
Cc:     herbert@...dor.apana.org.au, netdev@...r.kernel.org
Subject: Re: pull request (net): ipsec 2017-12-22

From: Steffen Klassert <steffen.klassert@...unet.com>
Date: Fri, 22 Dec 2017 10:44:53 +0100

> 1) Check for valid id proto in validate_tmpl(), otherwise
>    we may trigger a warning in xfrm_state_fini().
>    From Cong Wang.
> 
> 2) Fix a typo on XFRMA_OUTPUT_MARK policy attribute.
>    From Michal Kubecek.
> 
> 3) Verify the state is valid when encap_type < 0,
>    otherwise we may crash on IPsec GRO.
>    From Aviv Heller.
> 
> 4) Fix stack-out-of-bounds read on socket policy lookup.
>    We access the flowi of the wrong address family in the
>    IPv4 mapped IPv6 case, fix this by catching address
>    family mismatches before we do the lookup.
> 
> 5) Fix xfrm_do_migrate() with AEAD to copy the geniv
>    field too. Otherwise the state is not fully initialized
>    and migration fails. From Antony Antony.
> 
> 6) Fix stack-out-of-bounds with misconfigured transport
>    mode policies. Our policy template validation is not
>    strict enough. It is possible to configure policies
>    with transport mode template where the address family
>    of the template does not match the selector's address
>    family. Fix this by refusing such a configuration,
>    address family can not change on transport mode.
> 
> 7) Fix a policy reference leak when reusing pcpu xdst
>    entry. From Florian Westphal.
> 
> 8) Reinject transport-mode packets through tasklet,
>    otherwise it is possible to create a recursion
>    loop. From Herbert Xu.
> 
> Please pull or let me know if there are problems.

Pulled, thank you very much!
