lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:   Fri, 31 Jul 2020 09:17:54 +0200
From:   Steffen Klassert <>
To:     David Miller <>
CC:     Herbert Xu <>,
        Steffen Klassert <>,
Subject: pull request (net): ipsec 2020-07-31

1) Fix policy matching with mark and mask on userspace interfaces.
   From Xin Long.

2) Several fixes for the new ESP in TCP encapsulation.
   From Sabrina Dubroca.

3) Fix crash when the hold queue is used. The assumption that
   xdst->path and dst->child are not a NULL pointer only if dst->xfrm
   is not a NULL pointer is true with the exception of using the
   hold queue. Fix this by checking for hold queue usage before
   dereferencing xdst->path or dst->child.

4) Validate pfkey_dump parameter before sending them.
   From Mark Salyzyn.

5) Fix the location of the transport header with ESP in UDPv6
   encapsulation. From Sabrina Dubroca.

Please pull or let me know if there are problems.


The following changes since commit 0275875530f692c725c6f993aced2eca2d6ac50c:

  Merge branch 'Two-phylink-pause-fixes' (2020-06-23 20:53:28 -0700)

are available in the Git repository at:

  git:// master

for you to fetch changes up to 71b59bf482b2dd662774f34108c5b904efa9e02b:

  espintcp: count packets dropped in espintcp_rcv (2020-07-30 06:51:36 +0200)

Mark Salyzyn (1):
      af_key: pfkey_dump needs parameter validation

Sabrina Dubroca (7):
      xfrm: esp6: fix encapsulation header offset computation
      espintcp: support non-blocking sends
      espintcp: recv() should return 0 when the peer socket is closed
      xfrm: policy: fix IPv6-only espintcp compilation
      xfrm: esp6: fix the location of the transport header with encapsulation
      espintcp: handle short messages instead of breaking the encap socket
      espintcp: count packets dropped in espintcp_rcv

Steffen Klassert (2):
      Merge remote-tracking branch 'origin/testing'
      xfrm: Fix crash when the hold queue is used.

Xin Long (1):
      xfrm: policy: match with both mark and mask on user interfaces

 include/net/xfrm.h     | 15 +++++++-----
 net/ipv6/esp6.c        | 13 ++++++++---
 net/key/af_key.c       | 11 +++++++--
 net/xfrm/espintcp.c    | 62 ++++++++++++++++++++++++++++++++++++++------------
 net/xfrm/xfrm_policy.c | 43 +++++++++++++++-------------------
 net/xfrm/xfrm_user.c   | 18 +++++++++------
 6 files changed, 104 insertions(+), 58 deletions(-)

Powered by blists - more mailing lists