diff options
author | David S. Miller <davem@davemloft.net> | 2016-09-22 02:56:23 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2016-09-22 02:56:23 -0400 |
commit | ba1ba25d3159573ffdc9e79e5c3dfcf9c5742964 (patch) | |
tree | c2572c4362e4ceaa7bfc6b2d6136d22026d37c40 /net/ipv4 | |
parent | 290b774a1e0cb385658ba117452e2a2962323b1f (diff) | |
parent | 63c43787d35e45562a6b5927e2edc8f4783d95b8 (diff) | |
download | op-kernel-dev-ba1ba25d3159573ffdc9e79e5c3dfcf9c5742964.zip op-kernel-dev-ba1ba25d3159573ffdc9e79e5c3dfcf9c5742964.tar.gz |
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec
Steffen Klassert says:
====================
pull request (net): ipsec 2016-09-21
1) Propagate errors on security context allocation.
From Mathias Krause.
2) Fix inbound policy checks for inter address family tunnels.
From Thomas Zeitlhofer.
3) Fix an old memory leak on aead algorithm usage.
From Ilan Tayari.
4) A recent patch fixed a possible NULL pointer dereference
but broke the vti6 input path.
Fix from Nicolas Dichtel.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4')
-rw-r--r-- | net/ipv4/ip_vti.c | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/net/ipv4/ip_vti.c b/net/ipv4/ip_vti.c index cc701fa..5d7944f 100644 --- a/net/ipv4/ip_vti.c +++ b/net/ipv4/ip_vti.c @@ -88,6 +88,7 @@ static int vti_rcv_cb(struct sk_buff *skb, int err) struct net_device *dev; struct pcpu_sw_netstats *tstats; struct xfrm_state *x; + struct xfrm_mode *inner_mode; struct ip_tunnel *tunnel = XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip4; u32 orig_mark = skb->mark; int ret; @@ -105,7 +106,19 @@ static int vti_rcv_cb(struct sk_buff *skb, int err) } x = xfrm_input_state(skb); - family = x->inner_mode->afinfo->family; + + inner_mode = x->inner_mode; + + if (x->sel.family == AF_UNSPEC) { + inner_mode = xfrm_ip2inner_mode(x, XFRM_MODE_SKB_CB(skb)->protocol); + if (inner_mode == NULL) { + XFRM_INC_STATS(dev_net(skb->dev), + LINUX_MIB_XFRMINSTATEMODEERROR); + return -EINVAL; + } + } + + family = inner_mode->afinfo->family; skb->mark = be32_to_cpu(tunnel->parms.i_key); ret = xfrm_policy_check(NULL, XFRM_POLICY_IN, skb, family); |