lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <ZFy9y1XC18g3JXqF@gauss3.secunet.de> Date: Thu, 11 May 2023 12:04:59 +0200 From: Steffen Klassert <steffen.klassert@...unet.com> To: Benedict Wong <benedictwong@...gle.com> CC: <netdev@...r.kernel.org>, <nharold@...gle.com>, <evitayan@...gle.com> Subject: Re: [PATCH ipsec] xfrm: Check if_id in inbound policy/secpath match On Wed, May 10, 2023 at 01:14:14AM +0000, Benedict Wong wrote: > This change ensures that if configured in the policy, the if_id set in > the policy and secpath states match during the inbound policy check. > Without this, there is potential for ambiguity where entries in the > secpath differing by only the if_id could be mismatched. > > Notably, this is checked in the outbound direction when resolving > templates to SAs, but not on the inbound path when matching SAs and > policies. > > Test: Tested against Android kernel unit tests & CTS > Signed-off-by: Benedict Wong <benedictwong@...gle.com> Applied, thanks a lot Ben!
Powered by blists - more mailing lists