On Tue, Apr 25, 2017 at 5:51 PM, Sabrina Dubroca wrote:
> 2017-04-25, 17:39:09 +0200, Jason A. Donenfeld wrote:
>> Hi Sabrina,
>>
>> I think I may have beaten you to the punch here by a few minutes. :)
>
> I said I was going to post a patch.
> Mail headers seem to disagree with you ;)
Oh, whoops,
2017-04-25, 17:39:09 +0200, Jason A. Donenfeld wrote:
> Hi Sabrina,
>
> I think I may have beaten you to the punch here by a few minutes. :)
I said I was going to post a patch.
Mail headers seem to disagree with you ;)
> The difference between our two versions is that you don't re-add the
> FRA
Hi Sabrina,
I think I may have beaten you to the punch here by a few minutes. :)
The difference between our two versions is that you don't re-add the
FRAGLIST attribute, whereas my patch does, and then it does the
dynamic allocation. I suspect this might be a bit more robust. It also
ensures that
The previous fix for this issue, commit 4d6fa57b4dab ("macsec: avoid
heap overflow in skb_to_sgvec"), doesn't really fix much. It removed the
NETIF_F_FRAGLIST flag from MACsec device features, but this flag isn't
checked anywhere in the codepaths leading to a macsec_decrypt() call.
On TX, macsec c
