lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:	Thu, 15 May 2014 23:25:16 -0400 (EDT)
From:	David Miller <>
Subject: Re: pull request (net): ipsec 2014-05-15

From: Steffen Klassert <>
Date: Thu, 15 May 2014 09:07:50 +0200

> This pull request has a merge conflict in net/ipv4/ip_vti.c
> between commit 8d89dcdf80d8 ("vti: don't allow to add the same
> tunnel twice") and commit a32452366b72  ("vti4:Don't count header
> length twice"). It can be solved like it is done in linux-next.
> 1) Fix a ipv6 xfrm output crash when a packet is rerouted
>    by netfilter to not use IPsec.
> 2) vti4 counts some header lengths twice leading to an incorrect
>    device mtu. Fix this by counting these headers only once.
> 3) We don't catch the case if an unsupported protocol is submitted
>    to the xfrm protocol handlers, this can lead to NULL pointer
>    dereferences. Fix this by adding the appropriate checks.
> 4) vti6 may unregister pernet ops twice on init errors.
>    Fix this by removing one of the calls to do it only once.
>    From Mathias Krause.
> 5) Set the vti tunnel mark before doing a lookup in the error
>    handlers. Otherwise we don't find the correct xfrm state.
> Please pull or let me know if there are problems.

Pulled, thanks a lot Steffen.
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to
More majordomo info at

Powered by blists - more mailing lists