iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/net
History
Benedict Wong bd99da6472 xfrm: Check if_id in inbound policy/secpath match 
[ Upstream commit 8680407b6f8f5fba59e8f1d63c869abc280f04df ]

This change ensures that if configured in the policy, the if_id set in
the policy and secpath states match during the inbound policy check.
Without this, there is potential for ambiguity where entries in the
secpath differing by only the if_id could be mismatched.

Notably, this is checked in the outbound direction when resolving
templates to SAs, but not on the inbound path when matching SAs and
policies.

Test: Tested against Android kernel unit tests & CTS
Signed-off-by: Benedict Wong <benedictwong@google.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2023-06-09 10:30:09 +02:00
..
6lowpan
6lowpan: iphc: Fix an off-by-one check of array index
2021-09-15 09:50:34 +02:00
9p
9p/xen : Fix use after free bug in xen_9pfs_front_remove due to race condition
2023-04-20 12:10:25 +02:00
802
mrp: introduce active flags to prevent UAF when applicant uninit
2023-01-14 10:16:18 +01:00
8021q
vlan: fix a potential uninit-value in vlan_dev_hard_start_xmit()
2023-05-30 12:57:53 +01:00
appletalk
appletalk: Fix skb allocation size in loopback case
2021-04-07 15:00:08 +02:00
atm
net/atm: fix proc_mpc_write incorrect return value
2022-10-30 09:41:16 +01:00
ax25
net: ax25: Fix deadlock caused by skb_recv_datagram in ax25_recvmsg
2022-06-22 14:13:17 +02:00
batman-adv
batman-adv: Don't skb_split skbuffs with frag_list
2022-05-18 10:23:42 +02:00
bluetooth
bluetooth: Add cmd validity checks at the start of hci_sock_ioctl()
2023-06-05 09:07:04 +02:00
bpf
bpf: Move skb->len == 0 checks into __bpf_redirect
2023-01-14 10:15:31 +01:00
bpfilter
bpfilter: Specify the log level for the kmsg message
2021-07-14 16:56:29 +02:00
bridge
bridge: always declare tunnel functions
2023-05-30 12:57:53 +01:00
caif
net: caif: Fix use-after-free in cfusbl_device_notify()
2023-03-17 08:45:11 +01:00
can
can: isotp: recvmsg(): allow MSG_CMSG_COMPAT flag
2023-05-30 12:57:54 +01:00
ceph
libceph: fix potential use-after-free on linger ping and resends
2022-05-25 09:17:56 +02:00
core
udp6: Fix race condition in udp6_sendmsg & connect
2023-06-09 10:30:06 +02:00
dcb
net: dcb: disable softirqs in dcbnl_flush_dev()
2022-03-08 19:09:37 +01:00
dccp
dccp: Call inet6_destroy_sock() via sk->sk_destruct().
2023-04-26 11:27:42 +02:00
decnet
net: Fix data-races around sysctl_[rw]mem(_offset)?.
2022-08-31 17:15:19 +02:00
dns_resolver
dsa
net: dsa: ksz: Check return value
2022-12-14 11:32:01 +01:00
ethernet
ethtool
net/ethtool/ioctl: return -EOPNOTSUPP if we have no phy stats
2023-01-24 07:19:55 +01:00
hsr
hsr: ratelimit only when errors are printed
2023-04-05 11:23:52 +02:00
ieee802154
net: ieee802154: fix error return code in dgram_bind()
2022-11-03 23:57:51 +09:00
ife
ipv4
tcp: Return user_mss for TCP_MAXSEG in CLOSE/LISTEN state if user_mss set
2023-06-09 10:30:06 +02:00
ipv6
ipv{4,6}/raw: fix output xfrm lookup wrt protocol
2023-06-05 09:07:04 +02:00
iucv
net/iucv: Fix size of interrupt data
2023-03-22 13:30:00 +01:00
kcm
kcm: close race conditions on sk_receive_queue
2022-11-25 17:45:56 +01:00
key
af_key: Reject optional tunnel/BEET mode templates in outbound policies
2023-05-30 12:57:51 +01:00
l2tp
inet6: Remove inet6_destroy_sock() in sk->sk_prot->destroy().
2023-04-26 11:27:41 +02:00
l3mdev
l3mdev: l3mdev_master_upper_ifindex_by_index_rcu should be using netdev_master_upper_dev_get_rcu
2022-04-27 13:53:50 +02:00
lapb
llc
net: deal with most data-races in sk_wait_event()
2023-05-30 12:57:46 +01:00
mac80211
wifi: mac80211: fix min center freq offset tracing
2023-05-30 12:57:53 +01:00
mac802154
mac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add()
2022-12-14 11:32:01 +01:00
mpls
net: mpls: fix stale pointer if allocation fails during device rename
2023-02-22 12:55:58 +01:00
mptcp
inet6: Remove inet6_destroy_sock() in sk->sk_prot->destroy().
2023-04-26 11:27:41 +02:00
ncsi
net/ncsi: clear Tx enable mode when handling a Config required AEN
2023-05-17 11:48:10 +02:00
netfilter
netfilter: ctnetlink: Support offloaded conntrack entry deletion
2023-06-05 09:07:04 +02:00
netlabel
netlabel: fix out-of-bounds memory accesses
2022-04-13 21:01:00 +02:00
netlink
net/netlink: fix NETLINK_LIST_MEMBERSHIPS length report
2023-06-09 10:30:06 +02:00
netrom
netrom: fix info-leak in nr_write_internal()
2023-06-09 10:30:05 +02:00
nfc
nfc: change order inside nfc_se_io error path
2023-03-17 08:45:07 +01:00
nsh
net: nsh: Use correct mac_offset to unwind gso skb in nsh_gso_segment()
2023-05-30 12:57:52 +01:00
openvswitch
net: openvswitch: fix possible memory leak in ovs_meter_cmd_set()
2023-02-22 12:55:57 +01:00
packet
af_packet: do not use READ_ONCE() in packet_bind()
2023-06-09 10:30:05 +02:00
phonet
phonet: refcount leak in pep_sock_accep
2022-01-11 15:25:01 +01:00
psample
net: psample: Fix netlink skb length with tunnel info
2021-03-07 12:34:07 +01:00
qrtr
net: qrtr: Fix an uninit variable access bug in qrtr_tx_resume()
2023-04-20 12:10:26 +02:00
rds
rds: rds_rm_zerocopy_callback() correct order for list_add_tail()
2023-03-11 16:39:26 +01:00
rfkill
rose
net/rose: Fix to not accept on connected socket
2023-02-22 12:55:53 +01:00
rxrpc
rxrpc: Fix hard call timeout units
2023-05-17 11:48:11 +02:00
sched
net/sched: flower: fix possible OOB write in fl_set_geneve_opt()
2023-06-09 10:30:07 +02:00
sctp
sctp: Call inet6_destroy_sock() via sk->sk_destruct().
2023-04-26 11:27:42 +02:00
smc
net: deal with most data-races in sk_wait_event()
2023-05-30 12:57:46 +01:00
strparser
bpf: sockmap, strparser, and tls are reusing qdisc_skb_cb and colliding
2021-11-18 14:04:27 +01:00
sunrpc
SUNRPC: Fix trace_svc_register() call site
2023-05-30 12:57:52 +01:00
switchdev
tipc
tipc: check the bearer min mtu properly when setting it by netlink
2023-05-30 12:57:52 +01:00
tls
net: deal with most data-races in sk_wait_event()
2023-05-30 12:57:46 +01:00
unix
af_unix: Fix data races around sk->sk_shutdown.
2023-05-30 12:57:46 +01:00
vmw_vsock
vsock: avoid to close connected socket after the timeout
2023-05-30 12:57:52 +01:00
wimax
wireless
wifi: cfg80211: Partial revert "wifi: cfg80211: Fix use after free for wext"
2023-03-13 10:19:36 +01:00
x25
net/x25: Fix to not accept on connected socket
2023-02-15 17:22:15 +01:00
xdp
xsk: Fix unaligned descriptor validation
2023-05-17 11:47:50 +02:00
xfrm
xfrm: Check if_id in inbound policy/secpath match
2023-06-09 10:30:09 +02:00
compat.c
net: Return the correct errno code
2021-06-18 10:00:06 +02:00
devres.c
Kconfig
Makefile
socket.c
net: annotate sk->sk_err write from do_recvmmsg()
2023-05-30 12:57:46 +01:00
sysctl_net.c