pull request (net): ipsec 2018-05-31

Steffen Klassert Thu, 31 May 2018 03:24:02 -0700

1) Avoid possible overflow of the offset variable
   in  _decode_session6(), this fixes an infinite
   lookp there. From Eric Dumazet.


2) We may use an error pointer in the error path of
   xfrm_bundle_create(). Fix this by returning this
   pointer directly to the caller.

Please pull or let me know if there are problems.

Thanks!

The following changes since commit 2c5d5b13c6eb79f5677e206b8aad59b3a2097f60:

  llc: better deal with too small mtu (2018-05-08 00:11:40 -0400)

are available in the git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec.git master

for you to fetch changes up to 38369f54d97dd7dc50c73a2797bfeb53c2e87d2d:

  xfrm Fix potential error pointer dereference in xfrm_bundle_create. 
(2018-05-31 09:53:04 +0200)

----------------------------------------------------------------
Eric Dumazet (1):
      xfrm6: avoid potential infinite loop in _decode_session6()

Steffen Klassert (1):
      xfrm Fix potential error pointer dereference in xfrm_bundle_create.

 net/ipv6/xfrm6_policy.c | 2 +-
 net/xfrm/xfrm_policy.c  | 5 ++---
 2 files changed, 3 insertions(+), 4 deletions(-)

pull request (net): ipsec 2018-05-31

Reply via email to