linux/net
Steffen Klassert bcf66bf54a xfrm: Perform a replay check after return from async codepaths
When asyncronous crypto algorithms are used, there might be many
packets that passed the xfrm replay check, but the replay advance
function is not called yet for these packets. So the replay check
function would accept a replay of all of these packets. Also the
system might crash if there are more packets in async processing
than the size of the anti replay window, because the replay advance
function would try to update the replay window beyond the bounds.

This pach adds a second replay check after resuming from the async
processing to fix these issues.

Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-09-21 15:20:57 -04:00
..
9p net/9p: Fix kernel crash with msize 512K 2011-09-06 08:17:15 -05:00
802 snap: remove one synchronize_net() 2011-05-23 16:29:24 -04:00
8021q vlan: reset headers on accel emulation path 2011-08-18 21:29:27 -07:00
appletalk appletalk: Reduce switch/case indent 2011-07-01 16:11:15 -07:00
atm atm: br2684: Fix oops due to skb->dev being NULL 2011-08-20 14:13:05 -07:00
ax25 ax25: Fix set-but-unused variable. 2011-04-17 00:48:31 -07:00
batman-adv netdevice: Kill 'feature' test macros. 2011-07-12 12:28:58 -07:00
bluetooth Bluetooth: Fix timeout on scanning for the second time 2011-09-15 11:54:05 -03:00
bridge Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-2.6 2011-08-30 17:43:56 -04:00
caif caif: fix a potential NULL dereference 2011-09-16 17:40:34 -04:00
can net/can/af_can.c: Change del_timer to del_timer_sync 2011-09-15 14:49:43 -04:00
ceph Merge branch 'for-linus' of git://ceph.newdream.net/git/ceph-client 2011-09-09 15:48:34 -07:00
core fib:fix BUG_ON in fib_nl_newrule when add new fib rule 2011-09-21 15:16:40 -04:00
dcb dcbnl: unlock on an error path in dcbnl_cee_fill() 2011-07-08 09:01:14 -07:00
dccp net: Compute protocol sequence numbers and fragment IDs using MD5. 2011-08-06 18:33:19 -07:00
decnet atomic: use <linux/atomic.h> 2011-07-26 16:49:47 -07:00
dns_resolver KEYS: Improve /proc/keys 2011-03-17 11:59:32 +11:00
dsa DSA: Enable cascading in multi-chip 6131 configuration 2011-06-29 05:53:49 -07:00
econet af_econet: Use current logging styles and neatening 2011-07-03 20:05:16 -07:00
ethernet net: don't clear IFF_XMIT_DST_RELEASE in ether_setup 2011-09-15 14:49:44 -04:00
ieee802154 ieee802154: free skb buffer if dev isn't running 2011-06-30 16:18:09 +04:00
ipv4 tcp: fix validation of D-SACK 2011-09-18 22:37:34 -04:00
ipv6 ipv6: fix a possible double free 2011-09-20 15:10:16 -04:00
ipx ipx: fix ipx_release() 2011-03-21 18:16:39 -07:00
irda IRDA: Fix global type conflicts in net/irda/irsysctl.c v2 2011-09-16 19:17:09 -04:00
iucv atomic: use <linux/atomic.h> 2011-07-26 16:49:47 -07:00
key net: Remove casts of void * 2011-06-16 23:19:27 -04:00
l2tp Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2011-07-28 05:58:19 -07:00
lapb lapb: Reduce switch/case indent 2011-07-01 16:11:16 -07:00
llc llc: Fix length check in llc_fixup_skb(). 2011-04-11 18:59:05 -07:00
mac80211 mac80211: fix missing sta_lock in __sta_info_destroy 2011-09-13 14:18:38 -04:00
netfilter Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-2.6 2011-08-30 17:43:56 -04:00
netlabel net/netlabel/netlabel_kapi.c: add missing cleanup code 2011-08-11 05:52:57 -07:00
netlink Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-next-2.6 into for-davem 2011-06-24 15:25:51 -04:00
netrom netrom: Reduce switch/case indent 2011-07-01 16:11:16 -07:00
nfc NFC: add the NFC socket raw protocol 2011-07-05 15:26:58 -04:00
packet af-packet: fix - avoid reading stale data 2011-07-14 08:36:33 -07:00
phonet rtnetlink: Compute and store minimum ifinfo dump size 2011-06-09 20:38:07 -07:00
rds notifiers: cpu: move cpu notifiers into cpu.h 2011-07-25 20:57:14 -07:00
rfkill net: rfkill: add generic gpio rfkill driver 2011-05-19 13:53:54 -04:00
rose rose: Delete commented out references to ancient firewalling code. 2011-07-07 02:41:59 -07:00
rxrpc rxrpc: Fix set but unused variable 'usage' in rxrpc_get_transport() 2011-05-19 18:51:50 -04:00
sched pkt_sched: cls_rsvp.h was outdated 2011-09-15 14:49:43 -04:00
sctp sctp: deal with multiple COOKIE_ECHO chunks 2011-09-16 17:17:22 -04:00
sunrpc net: fix new sunrpc kernel-doc warning 2011-07-28 18:20:21 -07:00
tipc atomic: use <linux/atomic.h> 2011-07-26 16:49:47 -07:00
unix new helpers: kern_path_create/user_path_create 2011-07-20 01:44:05 -04:00
wanrouter Fix common misspellings 2011-03-31 11:26:23 -03:00
wimax
wireless wireless: Fix rate mask for scan request 2011-09-16 15:32:11 -04:00
x25 x25: Reduce switch/case indent 2011-07-01 16:11:16 -07:00
xfrm xfrm: Perform a replay check after return from async codepaths 2011-09-21 15:20:57 -04:00
compat.c net: Add sendmmsg socket system call 2011-05-05 11:10:14 -07:00
Kconfig NFC: add nfc subsystem core 2011-07-05 15:26:57 -04:00
Makefile NFC: add nfc subsystem core 2011-07-05 15:26:57 -04:00
nonet.c
socket.c sendmmsg/sendmsg: fix unsafe user pointer access 2011-08-24 19:45:03 -07:00
sysctl_net.c