1) Always verify length of provided sadb_key to fix a
slab-out-of-bounds read in pfkey_add. From Kevin Easton.
2) Make sure that all states are really deleted
before we check that the state lists are empty.
Otherwise we trigger a warning.
3) Fix MTU handling of the VTI6 interfaces on
interfamily tunnels. From Stefano Brivio.
Please pull or let me know if there are problems.
Thanks!
The following changes since commit 76327a35caabd1a932e83d6a42b967aa08584e5d:
dp83640: Ensure against premature access to PHY registers after reset
(2018-04-08 19:58:52 -0400)
are available in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec.git master
for you to fetch changes up to b4331a681822b420511b3258f1c3db35001fde48:
vti6: Change minimum MTU to IPV4_MIN_MTU, vti6 can carry IPv4 too (2018-04-27
07:29:23 +0200)
----------------------------------------------------------------
Kevin Easton (1):
af_key: Always verify length of provided sadb_key
Stefano Brivio (1):
vti6: Change minimum MTU to IPV4_MIN_MTU, vti6 can carry IPv4 too
Steffen Klassert (1):
xfrm: Fix warning in xfrm6_tunnel_net_exit.
include/net/xfrm.h | 1 +
net/ipv6/ip6_vti.c | 4 ++--
net/ipv6/xfrm6_tunnel.c | 3 +++
net/key/af_key.c | 45 +++++++++++++++++++++++++++++++++++----------
net/xfrm/xfrm_state.c | 6 ++++++
5 files changed, 47 insertions(+), 12 deletions(-)
