| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 15 Sep 2014 14:04:07 +0200 From: Steffen Klassert <steffen.klassert@...unet.com> To: Konstantinos Kolelis <k.kolelis@...rix.com> CC: <netdev@...r.kernel.org>, <davem@...emloft.net>, <kuznet@....inr.ac.ru>, <jmorris@...ei.org>, <yoshfuji@...ux-ipv6.org>, <kaber@...sh.net>, <herbert@...dor.apana.org.au> Subject: Re: [BUG REPORT] Unencrypted packets after SNAT, allthough IPSEC-Policies are present On Mon, Sep 15, 2014 at 10:09:41AM +0200, Steffen Klassert wrote: > > diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c > index beeed60..e041822 100644 > --- a/net/xfrm/xfrm_policy.c > +++ b/net/xfrm/xfrm_policy.c > @@ -2138,7 +2138,8 @@ struct dst_entry *xfrm_lookup(struct net *net, struct dst_entry *dst_orig, > xfrm_pols_put(pols, drop_pols); > XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTNOSTATES); > > - return make_blackhole(net, family, dst_orig); > + err = -EREMOTE; > + goto error; We must return here, otherwise we drop some refcounts too much. I'll send an updated patch tomorrow. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists