linux/net/xfrm
Sabrina Dubroca fadd1a63a7 espintcp: handle short messages instead of breaking the encap socket
Currently, short messages (less than 4 bytes after the length header)
will break the stream of messages. This is unnecessary, since we can
still parse messages even if they're too short to contain any usable
data. This is also bogus, as keepalive messages (a single 0xff byte),
though not needed with TCP encapsulation, should be allowed.

This patch changes the stream parser so that short messages are
accepted and dropped in the kernel. Messages that contain a valid SPI
or non-ESP header are processed as before.

Fixes: e27cca96cd ("xfrm: add espintcp (RFC 8229)")
Reported-by: Andrew Cagney <cagney@libreswan.org>
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
2020-07-30 06:51:35 +02:00
..
espintcp.c espintcp: handle short messages instead of breaking the encap socket 2020-07-30 06:51:35 +02:00
Kconfig Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec 2020-06-19 13:03:47 -07:00
Makefile xfrm: add IPv6 support for espintcp 2020-04-28 11:28:36 +02:00
xfrm_algo.c crypto: skcipher - remove the "blkcipher" algorithm type 2019-11-01 13:38:32 +08:00
xfrm_device.c xfrm: Fix double ESP trailer insertion in IPsec crypto offload. 2020-06-04 10:45:14 +02:00
xfrm_hash.c mm: remove include/linux/bootmem.h 2018-10-31 08:54:16 -07:00
xfrm_hash.h xfrm: use complete IPv6 addresses for hash 2018-10-15 10:09:18 +02:00
xfrm_inout.h xfrm: move xfrm4_extract_header to common helper 2020-05-06 09:40:08 +02:00
xfrm_input.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-05-31 17:48:46 -07:00
xfrm_interface.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-05-31 17:48:46 -07:00
xfrm_ipcomp.c net: Use skb_frag_off accessors 2019-07-30 14:21:32 -07:00
xfrm_output.c xfrm: merge fixup for "remove output_finish indirection from xfrm_state_afinfo" 2020-06-05 08:10:08 +02:00
xfrm_policy.c xfrm: policy: fix IPv6-only espintcp compilation 2020-07-17 10:22:22 +02:00
xfrm_proc.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
xfrm_replay.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 335 2019-06-05 17:37:06 +02:00
xfrm_state.c xfrm: Use kmem_cache_zalloc() instead of kmem_cache_alloc() with flag GFP_ZERO. 2020-02-19 09:33:56 +01:00
xfrm_sysctl.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
xfrm_user.c xfrm: policy: match with both mark and mask on user interfaces 2020-06-24 09:13:13 +02:00