lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-Id: <20171009.094100.2282782707149245126.davem@davemloft.net>
Date:   Mon, 09 Oct 2017 09:41:00 -0700 (PDT)
From:   David Miller <davem@...emloft.net>
To:     steffen.klassert@...unet.com
Cc:     tobias@...ongswan.org, weiwan@...gle.com, netdev@...r.kernel.org
Subject: Re: [PATCH net] ipv6: Fix traffic triggered IPsec connections.

From: Steffen Klassert <steffen.klassert@...unet.com>
Date: Mon, 9 Oct 2017 08:39:43 +0200

> A recent patch removed the dst_free() on the allocated
> dst_entry in ipv6_blackhole_route(). The dst_free() marked
> the dst_entry as dead and added it to the gc list. I.e. it
> was setup for a one time usage. As a result we may now have
> a blackhole route cached at a socket on some IPsec scenarios.
> This makes the connection unusable.
> 
> Fix this by marking the dst_entry directly at allocation time
> as 'dead', so it is used only once.
> 
> Fixes: 587fea741134 ("ipv6: mark DST_NOGC and remove the operation of dst_free()")
> Reported-by: Tobias Brunner <tobias@...ongswan.org>
> Signed-off-by: Steffen Klassert <steffen.klassert@...unet.com>

Applied and queued up for -stable, thanks.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ