lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 27 Dec 2017 11:00:13 -0500 (EST) From: David Miller <davem@...emloft.net> To: steffen.klassert@...unet.com Cc: herbert@...dor.apana.org.au, netdev@...r.kernel.org Subject: Re: pull request (net): ipsec 2017-12-22 From: Steffen Klassert <steffen.klassert@...unet.com> Date: Fri, 22 Dec 2017 10:44:53 +0100 > 1) Check for valid id proto in validate_tmpl(), otherwise > we may trigger a warning in xfrm_state_fini(). > From Cong Wang. > > 2) Fix a typo on XFRMA_OUTPUT_MARK policy attribute. > From Michal Kubecek. > > 3) Verify the state is valid when encap_type < 0, > otherwise we may crash on IPsec GRO . > From Aviv Heller. > > 4) Fix stack-out-of-bounds read on socket policy lookup. > We access the flowi of the wrong address family in the > IPv4 mapped IPv6 case, fix this by catching address > family missmatches before we do the lookup. > > 5) fix xfrm_do_migrate() with AEAD to copy the geniv > field too. Otherwise the state is not fully initialized > and migration fails. From Antony Antony. > > 6) Fix stack-out-of-bounds with misconfigured transport > mode policies. Our policy template validation is not > strict enough. It is possible to configure policies > with transport mode template where the address family > of the template does not match the selectors address > family. Fix this by refusing such a configuration, > address family can not change on transport mode. > > 7) Fix a policy reference leak when reusing pcpu xdst > entry. From Florian Westphal. > > 8) Reinject transport-mode packets through tasklet, > otherwise it is possible to reate a recursion > loop. From Herbert Xu. > > Please pull or let me know if there are problems. Pulled, thank you very much!
Powered by blists - more mailing lists