| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 15 May 2014 23:25:16 -0400 (EDT)
From: David Miller <davem@...emloft.net>
To: steffen.klassert@...unet.com
Cc: herbert@...dor.apana.org.au, netdev@...r.kernel.org
Subject: Re: pull request (net): ipsec 2014-05-15
From: Steffen Klassert <steffen.klassert@...unet.com>
Date: Thu, 15 May 2014 09:07:50 +0200
> This pull request has a merge conflict in net/ipv4/ip_vti.c
> between commit 8d89dcdf80d8 ("vti: don't allow to add the same
> tunnel twice") and commit a32452366b72 ("vti4:Don't count header
> length twice"). It can be solved like it is done in linux-next.
>
> 1) Fix a ipv6 xfrm output crash when a packet is rerouted
> by netfilter to not use IPsec.
>
> 2) vti4 counts some header lengths twice leading to an incorrect
> device mtu. Fix this by counting these headers only once.
>
> 3) We don't catch the case if an unsupported protocol is submitted
> to the xfrm protocol handlers, this can lead to NULL pointer
> dereferences. Fix this by adding the appropriate checks.
>
> 4) vti6 may unregister pernet ops twice on init errors.
> Fix this by removing one of the calls to do it only once.
> From Mathias Krause.
>
> 5) Set the vti tunnel mark before doing a lookup in the error
> handlers. Otherwise we don't find the correct xfrm state.
>
> Please pull or let me know if there are problems.
Pulled, thanks a lot Steffen.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists