diff options
| author | David S. Miller <davem@davemloft.net> | 2018-05-08 06:51:30 +0300 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2018-05-08 06:51:30 +0300 |
| commit | 1822f638e8af1f5e277e61d2245ffa826c22a4a4 (patch) | |
| tree | fe9109c95fa47dc388331d6b6887c3a11018abd2 /net/ipv6/xfrm6_tunnel.c | |
| parent | 080324c36ade319f57e505633ab54f6f53289b45 (diff) | |
| parent | b4331a681822b420511b3258f1c3db35001fde48 (diff) | |
| download | linux-1822f638e8af1f5e277e61d2245ffa826c22a4a4.tar.xz | |
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec
Steffen Klassert says:
====================
pull request (net): ipsec 2018-05-07
1) Always verify length of provided sadb_key to fix a
slab-out-of-bounds read in pfkey_add. From Kevin Easton.
2) Make sure that all states are really deleted
before we check that the state lists are empty.
Otherwise we trigger a warning.
3) Fix MTU handling of the VTI6 interfaces on
interfamily tunnels. From Stefano Brivio.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv6/xfrm6_tunnel.c')
| -rw-r--r-- | net/ipv6/xfrm6_tunnel.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/net/ipv6/xfrm6_tunnel.c b/net/ipv6/xfrm6_tunnel.c index f85f0d7480ac..4a46df8441c9 100644 --- a/net/ipv6/xfrm6_tunnel.c +++ b/net/ipv6/xfrm6_tunnel.c @@ -341,6 +341,9 @@ static void __net_exit xfrm6_tunnel_net_exit(struct net *net) struct xfrm6_tunnel_net *xfrm6_tn = xfrm6_tunnel_pernet(net); unsigned int i; + xfrm_state_flush(net, IPSEC_PROTO_ANY, false); + xfrm_flush_gc(); + for (i = 0; i < XFRM6_TUNNEL_SPI_BYADDR_HSIZE; i++) WARN_ON_ONCE(!hlist_empty(&xfrm6_tn->spi_byaddr[i])); |