Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 11f1fb34 authored by David S. Miller's avatar David S. Miller
Browse files

Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec 



Steffen Klassert says:

====================
pull request (net): ipsec 2014-07-23

Just two fixes this time, both are stable candidates.

1) Fix the dst_entry refcount on socket policy usage.

2) Fix a wrong SPI check that prevents AH SAs from getting
   installed, dependent on the SPI. From Tobias Brunner.
====================

Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parents dd1d3f8f a0e5ef53

net/xfrm/xfrm_policy.c

+2 −0
Original line number Original line Diff line number Diff line
@@ -2097,6 +2097,8 @@ struct dst_entry *xfrm_lookup(struct net *net, struct dst_entry *dst_orig, 
				goto no_transform;

				goto no_transform;

			}

			}





			dst_hold(&xdst->u.dst);

			xdst->u.dst.flags |= DST_NOCACHE;

			route = xdst->route;

			route = xdst->route;

		}

		}

	}

	}

net/xfrm/xfrm_user.c

+3 −4
Original line number Original line Diff line number Diff line
@@ -177,9 +177,7 @@ static int verify_newsa_info(struct xfrm_usersa_info *p, 
		    attrs[XFRMA_ALG_AEAD]	||

		    attrs[XFRMA_ALG_AEAD]	||

		    attrs[XFRMA_ALG_CRYPT]	||

		    attrs[XFRMA_ALG_CRYPT]	||

		    attrs[XFRMA_ALG_COMP]	||

		    attrs[XFRMA_ALG_COMP]	||

		    attrs[XFRMA_TFCPAD]		||

		    attrs[XFRMA_TFCPAD])

		    (ntohl(p->id.spi) >= 0x10000))



			goto out;

			goto out;

		break;

		break;
@@ -207,7 +205,8 @@ static int verify_newsa_info(struct xfrm_usersa_info *p, 
		    attrs[XFRMA_ALG_AUTH]	||

		    attrs[XFRMA_ALG_AUTH]	||

		    attrs[XFRMA_ALG_AUTH_TRUNC]	||

		    attrs[XFRMA_ALG_AUTH_TRUNC]	||

		    attrs[XFRMA_ALG_CRYPT]	||

		    attrs[XFRMA_ALG_CRYPT]	||

		    attrs[XFRMA_TFCPAD])

		    attrs[XFRMA_TFCPAD]		||

		    (ntohl(p->id.spi) >= 0x10000))

			goto out;

			goto out;

		break;

		break;