1) Copy policy family in clone_policy, otherwise this can
   trigger a BUG_ON in af_key. From Herbert Xu.

2) Revert "xfrm: Fix stack-out-of-bounds read in xfrm_state_find."
   This added a regression with transport mode when no addresses
   are configured on the policy template.

Both patches are stable candidates.

Please pull or let me know if there are problems.

Thanks!

The following changes since commit b39545684a90ef3374abc0969d64c7bc540d128d:

  Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net (2017-11-11 
09:10:39 -0800)

are available in the git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec.git master

for you to fetch changes up to 94802151894d482e82c324edf2c658f8e6b96508:

  Revert "xfrm: Fix stack-out-of-bounds read in xfrm_state_find." (2017-11-15 
06:42:28 +0100)

----------------------------------------------------------------
Herbert Xu (1):
      xfrm: Copy policy family in clone_policy

Steffen Klassert (1):
      Revert "xfrm: Fix stack-out-of-bounds read in xfrm_state_find."

 net/xfrm/xfrm_policy.c | 30 +++++++++++++++++++-----------
 1 file changed, 19 insertions(+), 11 deletions(-)

Reply via email to