diff options
| author | David S. Miller <davem@davemloft.net> | 2015-10-22 10:46:05 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2015-10-22 10:46:05 -0400 |
| commit | 199c6550694dcdf5f568ea9db6fe2b46d14e4fa5 (patch) | |
| tree | fb5470adee1da01764c37ed0f5e9d038d60e5822 /net/ipv6/xfrm6_policy.c | |
| parent | d46a9d678e4c9fac1e968d0593e4dba683389324 (diff) | |
| parent | ca064bd89363a6e7e71b1c5226ff1b718957a9d4 (diff) | |
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec
Steffen Klassert says:
====================
pull request (net): ipsec 2015-10-22
1) Fix IPsec pre-encap fragmentation for GSO packets.
From Herbert Xu.
2) Fix some header checks in _decode_session6.
We skip the header informations if the data pointer points
already behind the header in question for some protocols.
This is because we call pskb_may_pull with a negative value
converted to unsigened int from pskb_may_pull in this case.
Skipping the header informations can lead to incorrect policy
lookups. From Mathias Krause.
3) Allow to change the replay threshold and expiry timer of a
state without having to set other attributes like replay
counter and byte lifetime. Changing these other attributes
may break the SA. From Michael Rossberg.
4) Fix pmtu discovery for local generated packets.
We may fail dispatch to the inner address family.
As a reault, the local error handler is not called
and the mtu value is not reported back to userspace.
Please pull or let me know if there are problems.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv6/xfrm6_policy.c')
| -rw-r--r-- | net/ipv6/xfrm6_policy.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/net/ipv6/xfrm6_policy.c b/net/ipv6/xfrm6_policy.c index 5cedfda4b241..da55e0c85bb8 100644 --- a/net/ipv6/xfrm6_policy.c +++ b/net/ipv6/xfrm6_policy.c | |||
| @@ -179,7 +179,8 @@ _decode_session6(struct sk_buff *skb, struct flowi *fl, int reverse) | |||
| 179 | return; | 179 | return; |
| 180 | 180 | ||
| 181 | case IPPROTO_ICMPV6: | 181 | case IPPROTO_ICMPV6: |
| 182 | if (!onlyproto && pskb_may_pull(skb, nh + offset + 2 - skb->data)) { | 182 | if (!onlyproto && (nh + offset + 2 < skb->data || |
| 183 | pskb_may_pull(skb, nh + offset + 2 - skb->data))) { | ||
| 183 | u8 *icmp; | 184 | u8 *icmp; |
| 184 | 185 | ||
| 185 | nh = skb_network_header(skb); | 186 | nh = skb_network_header(skb); |
| @@ -193,7 +194,8 @@ _decode_session6(struct sk_buff *skb, struct flowi *fl, int reverse) | |||
| 193 | #if IS_ENABLED(CONFIG_IPV6_MIP6) | 194 | #if IS_ENABLED(CONFIG_IPV6_MIP6) |
| 194 | case IPPROTO_MH: | 195 | case IPPROTO_MH: |
| 195 | offset += ipv6_optlen(exthdr); | 196 | offset += ipv6_optlen(exthdr); |
| 196 | if (!onlyproto && pskb_may_pull(skb, nh + offset + 3 - skb->data)) { | 197 | if (!onlyproto && (nh + offset + 3 < skb->data || |
| 198 | pskb_may_pull(skb, nh + offset + 3 - skb->data))) { | ||
| 197 | struct ip6_mh *mh; | 199 | struct ip6_mh *mh; |
| 198 | 200 | ||
| 199 | nh = skb_network_header(skb); | 201 | nh = skb_network_header(skb); |