| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 04 May 2016 16:48:28 -0400 (EDT) From: David Miller <davem@...emloft.net> To: steffen.klassert@...unet.com Cc: herbert@...dor.apana.org.au, netdev@...r.kernel.org Subject: Re: pull request (net): ipsec 2016-05-04 From: Steffen Klassert <steffen.klassert@...unet.com> Date: Wed, 4 May 2016 07:40:51 +0200 > 1) The flowcache can hit an OOM condition if too > many entries are in the gc_list. Fix this by > counting the entries in the gc_list and refuse > new allocations if the value is too high. > > 2) The inner headers are invalid after a xfrm transformation, > so reset the skb encapsulation field to ensure nobody tries > access the inner headers. Otherwise tunnel devices stacked > on top of xfrm may build the outer headers based on wrong > informations. > > 3) Add pmtu handling to vti, we need it to report > pmtu informations for local generated packets. > > Please pull or let me know if there are problems. Pulled, thanks Steffen. While build testing this I was worried that it might be possible to create a situation where IP_VTI=y yet IPV6=m and therefore have a unresolvable reference to icmpv6_send(). However I was not able to create such a configuration, as hard as I tried. :-)
Powered by blists - more mailing lists