diff options
author | David S. Miller <davem@davemloft.net> | 2014-07-23 21:56:36 -0700 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2014-07-23 21:56:36 -0700 |
commit | 11f1fb3459d7b0b36c887dbd930e462f1e011d4d (patch) | |
tree | 4e9879e010a26c7a2ee7f3a3f35647885aa3b4e0 /net | |
parent | dd1d3f8f9920926aa426589e542eed6bf58b7354 (diff) | |
parent | a0e5ef53aac8e5049f9344857d8ec5237d31e58b (diff) | |
download | op-kernel-dev-11f1fb3459d7b0b36c887dbd930e462f1e011d4d.zip op-kernel-dev-11f1fb3459d7b0b36c887dbd930e462f1e011d4d.tar.gz |
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec
Steffen Klassert says:
====================
pull request (net): ipsec 2014-07-23
Just two fixes this time, both are stable candidates.
1) Fix the dst_entry refcount on socket policy usage.
2) Fix a wrong SPI check that prevents AH SAs from getting
installed, dependent on the SPI. From Tobias Brunner.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
-rw-r--r-- | net/xfrm/xfrm_policy.c | 2 | ||||
-rw-r--r-- | net/xfrm/xfrm_user.c | 7 |
2 files changed, 5 insertions, 4 deletions
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index a8ef510..0525d78 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c @@ -2097,6 +2097,8 @@ struct dst_entry *xfrm_lookup(struct net *net, struct dst_entry *dst_orig, goto no_transform; } + dst_hold(&xdst->u.dst); + xdst->u.dst.flags |= DST_NOCACHE; route = xdst->route; } } diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index 412d9dc..d4db6eb 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c @@ -177,9 +177,7 @@ static int verify_newsa_info(struct xfrm_usersa_info *p, attrs[XFRMA_ALG_AEAD] || attrs[XFRMA_ALG_CRYPT] || attrs[XFRMA_ALG_COMP] || - attrs[XFRMA_TFCPAD] || - (ntohl(p->id.spi) >= 0x10000)) - + attrs[XFRMA_TFCPAD]) goto out; break; @@ -207,7 +205,8 @@ static int verify_newsa_info(struct xfrm_usersa_info *p, attrs[XFRMA_ALG_AUTH] || attrs[XFRMA_ALG_AUTH_TRUNC] || attrs[XFRMA_ALG_CRYPT] || - attrs[XFRMA_TFCPAD]) + attrs[XFRMA_TFCPAD] || + (ntohl(p->id.spi) >= 0x10000)) goto out; break; |