On Mon, Feb 12, 2018 at 02:42:01PM +0100, Florian Westphal wrote:
> The sanity test added in ecd7918745234 can be bypassed, validation
> only occurs if XFRM_STATE_ESN flag is set, but rest of code doesn't care
> and just checks if the attribute itself is present.
>
> So always validate.
The sanity test added in ecd7918745234 can be bypassed, validation
only occurs if XFRM_STATE_ESN flag is set, but rest of code doesn't care
and just checks if the attribute itself is present.
So always validate. Alternative is to reject if we have the attribute
without the flag but that would