lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-Id: <20171009.094116.582301692542201477.davem@davemloft.net>
Date:   Mon, 09 Oct 2017 09:41:16 -0700 (PDT)
From:   David Miller <davem@...emloft.net>
To:     steffen.klassert@...unet.com
Cc:     tobias@...ongswan.org, weiwan@...gle.com, netdev@...r.kernel.org
Subject: Re: [PATCH net] ipv4: Fix traffic triggered IPsec connections.

From: Steffen Klassert <steffen.klassert@...unet.com>
Date: Mon, 9 Oct 2017 08:43:55 +0200

> A recent patch removed the dst_free() on the allocated
> dst_entry in ipv4_blackhole_route(). The dst_free() marked the
> dst_entry as dead and added it to the gc list. I.e. it was setup
> for a one time usage. As a result we may now have a blackhole
> route cached at a socket on some IPsec scenarios. This makes the
> connection unusable.
> 
> Fix this by marking the dst_entry directly at allocation time
> as 'dead', so it is used only once.
> 
> Fixes: b838d5e1c5b6 ("ipv4: mark DST_NOGC and remove the operation of dst_free()")
> Reported-by: Tobias Brunner <tobias@...ongswan.org>
> Signed-off-by: Steffen Klassert <steffen.klassert@...unet.com>

Applied and queued up for -stable.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ