[0/11] pull request (net): ipsec 2023-08-15

Message ID 20230815095310.3310160-1-steffen.klassert@secunet.com (mailing list archive)
State Accepted
Delegated to: Netdev Maintainers

Pull-request

git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec.git tags/ipsec-2023-08-15

Message

Steffen Klassert Aug. 15, 2023, 9:52 a.m. UTC
1) Fix a slab-out-of-bounds read in xfrm_address_filter.
   From Lin Ma.

2) Fix the pfkey sadb_x_filter validation.
   From Lin Ma.

3) Use the correct nla_policy structure for XFRMA_SEC_CTX.
   From Lin Ma.

4) Fix warnings triggerable by bad packets in the encap functions.
   From Herbert Xu.

5) Fix some slab-use-after-free in decode_session6.
   From Zhengchao Shao.

6) Fix a possible NULL pointer dereference in xfrm_update_ae_params.
   Lin Ma.

7) Add a forgotten nla_policy for XFRMA_MTIMER_THRESH.
   From Lin Ma.

8) Don't leak offloaded policies.
   From Leon Romanovsky.

9) Delete also the offloading part of an acquire state.
   From Leon Romanovsky.

Please pull or let me know if there are problems.

Thanks!

The following changes since commit 3a8a670eeeaa40d87bd38a587438952741980c18:

  Merge tag 'net-next-6.5' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next (2023-06-28 16:43:10 -0700)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec.git tags/ipsec-2023-08-15

for you to fetch changes up to f3ec2b5d879ef5bbcb24678914641343cb6399a2:

  xfrm: don't skip free of empty state in acquire policy (2023-08-01 12:04:43 +0200)

----------------------------------------------------------------
ipsec-2023-08-15

----------------------------------------------------------------
Herbert Xu (1):
      xfrm: Silence warnings triggerable by bad packets

Leon Romanovsky (2):
      xfrm: delete offloaded policy
      xfrm: don't skip free of empty state in acquire policy

Lin Ma (5):
      net: xfrm: Fix xfrm_address_filter OOB read
      net: af_key: fix sadb_x_filter validation
      net: xfrm: Amend XFRMA_SEC_CTX nla_policy structure
      xfrm: add NULL check in xfrm_update_ae_params
      xfrm: add forgotten nla_policy for XFRMA_MTIMER_THRESH

Zhengchao Shao (3):
      xfrm: fix slab-use-after-free in decode_session6
      ip6_vti: fix slab-use-after-free in decode_session6
      ip_vti: fix potential slab-use-after-free in decode_session6

 include/net/xfrm.h             |  1 +
 net/ipv4/ip_vti.c              |  4 ++--
 net/ipv6/ip6_vti.c             |  4 ++--
 net/key/af_key.c               |  4 ++--
 net/xfrm/xfrm_compat.c         |  2 +-
 net/xfrm/xfrm_input.c          | 22 +++++++++-------------
 net/xfrm/xfrm_interface_core.c |  4 ++--
 net/xfrm/xfrm_state.c          |  8 ++------
 net/xfrm/xfrm_user.c           | 15 +++++++++++++--
 9 files changed, 34 insertions(+), 30 deletions(-)

Comments

Jakub Kicinski Aug. 17, 2023, 3:23 a.m. UTC | #1
On Tue, 15 Aug 2023 11:52:59 +0200 Steffen Klassert wrote:
> ipsec-2023-08-15

Looks merged, 5fc43ce03b in net, thanks!