| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20130814122213.GK26773@secunet.com> Date: Wed, 14 Aug 2013 14:22:13 +0200 From: Steffen Klassert <steffen.klassert@...unet.com> To: Hannes Frederic Sowa <hannes@...essinduktion.org>, netdev@...r.kernel.org Subject: Re: [PATCH net v3] xfrm: make local error reporting more robust On Wed, Aug 14, 2013 at 01:05:23PM +0200, Hannes Frederic Sowa wrote: > In xfrm4 and xfrm6 we need to take care about sockets of the other > address family. This could happen because a 6in4 or 4in6 tunnel could > get protected by ipsec. > > Because we don't want to have a run-time dependency on ipv6 when only > using ipv4 xfrm we have to embed a pointer to the correct local_error > function in xfrm_state_afinet and look it up when returning an error > depending on the socket address family. > > Thanks to vi0ss for the great bug report: > <https://bugzilla.kernel.org/show_bug.cgi?id=58691> > > v2: > a) fix two more unsafe interpretations of skb->sk as ipv6 socket > (xfrm6_local_dontfrag and __xfrm6_output) > v3: > a) add an EXPORT_SYMBOL_GPL(xfrm_local_error) to fix a link error when > building ipv6 as a module (thanks to Steffen Klassert) > > Reported-by: <vi0oss@...il.com> > Cc: Steffen Klassert <steffen.klassert@...unet.com> > Signed-off-by: Hannes Frederic Sowa <hannes@...essinduktion.org> Applied to ipsec, thanks a lot Hannes! -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists