linux/net
Steffen Klassert bcf66bf54a xfrm: Perform a replay check after return from async codepaths
When asyncronous crypto algorithms are used, there might be many
packets that passed the xfrm replay check, but the replay advance
function is not called yet for these packets. So the replay check
function would accept a replay of all of these packets. Also the
system might crash if there are more packets in async processing
than the size of the anti replay window, because the replay advance
function would try to update the replay window beyond the bounds.

This pach adds a second replay check after resuming from the async
processing to fix these issues.

Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-09-21 15:20:57 -04:00
..
9p net/9p: Fix kernel crash with msize 512K 2011-09-06 08:17:15 -05:00
802
8021q vlan: reset headers on accel emulation path 2011-08-18 21:29:27 -07:00
appletalk
atm atm: br2684: Fix oops due to skb->dev being NULL 2011-08-20 14:13:05 -07:00
ax25
batman-adv netdevice: Kill 'feature' test macros. 2011-07-12 12:28:58 -07:00
bluetooth Bluetooth: Fix timeout on scanning for the second time 2011-09-15 11:54:05 -03:00
bridge Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-2.6 2011-08-30 17:43:56 -04:00
caif caif: fix a potential NULL dereference 2011-09-16 17:40:34 -04:00
can net/can/af_can.c: Change del_timer to del_timer_sync 2011-09-15 14:49:43 -04:00
ceph Merge branch 'for-linus' of git://ceph.newdream.net/git/ceph-client 2011-09-09 15:48:34 -07:00
core fib:fix BUG_ON in fib_nl_newrule when add new fib rule 2011-09-21 15:16:40 -04:00
dcb dcbnl: unlock on an error path in dcbnl_cee_fill() 2011-07-08 09:01:14 -07:00
dccp net: Compute protocol sequence numbers and fragment IDs using MD5. 2011-08-06 18:33:19 -07:00
decnet atomic: use <linux/atomic.h> 2011-07-26 16:49:47 -07:00
dns_resolver
dsa
econet
ethernet net: don't clear IFF_XMIT_DST_RELEASE in ether_setup 2011-09-15 14:49:44 -04:00
ieee802154
ipv4 tcp: fix validation of D-SACK 2011-09-18 22:37:34 -04:00
ipv6 ipv6: fix a possible double free 2011-09-20 15:10:16 -04:00
ipx
irda IRDA: Fix global type conflicts in net/irda/irsysctl.c v2 2011-09-16 19:17:09 -04:00
iucv atomic: use <linux/atomic.h> 2011-07-26 16:49:47 -07:00
key
l2tp Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2011-07-28 05:58:19 -07:00
lapb
llc
mac80211 mac80211: fix missing sta_lock in __sta_info_destroy 2011-09-13 14:18:38 -04:00
netfilter Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-2.6 2011-08-30 17:43:56 -04:00
netlabel net/netlabel/netlabel_kapi.c: add missing cleanup code 2011-08-11 05:52:57 -07:00
netlink
netrom
nfc NFC: add the NFC socket raw protocol 2011-07-05 15:26:58 -04:00
packet af-packet: fix - avoid reading stale data 2011-07-14 08:36:33 -07:00
phonet
rds notifiers: cpu: move cpu notifiers into cpu.h 2011-07-25 20:57:14 -07:00
rfkill
rose rose: Delete commented out references to ancient firewalling code. 2011-07-07 02:41:59 -07:00
rxrpc
sched pkt_sched: cls_rsvp.h was outdated 2011-09-15 14:49:43 -04:00
sctp sctp: deal with multiple COOKIE_ECHO chunks 2011-09-16 17:17:22 -04:00
sunrpc net: fix new sunrpc kernel-doc warning 2011-07-28 18:20:21 -07:00
tipc atomic: use <linux/atomic.h> 2011-07-26 16:49:47 -07:00
unix new helpers: kern_path_create/user_path_create 2011-07-20 01:44:05 -04:00
wanrouter
wimax
wireless wireless: Fix rate mask for scan request 2011-09-16 15:32:11 -04:00
x25
xfrm xfrm: Perform a replay check after return from async codepaths 2011-09-21 15:20:57 -04:00
Kconfig NFC: add nfc subsystem core 2011-07-05 15:26:57 -04:00
Makefile NFC: add nfc subsystem core 2011-07-05 15:26:57 -04:00
compat.c
nonet.c
socket.c sendmmsg/sendmsg: fix unsafe user pointer access 2011-08-24 19:45:03 -07:00
sysctl_net.c