Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec

Steffen Klassert says: ==================== pull request (net): ipsec 2018-05-31 1) Avoid possible overflow of the offset variable in _decode_session6(), this fixes an infinite lookp there. From Eric Dumazet. 2) We may use an error pointer in the error path of xfrm_bundle_create(). Fix this by returning this pointer directly to the caller. Please pull or let me know if there are problems. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
author: David S. Miller <davem@davemloft.net> 2018-06-01 13:25:41 -0400
committer: David S. Miller <davem@davemloft.net> 2018-06-01 13:25:41 -0400
commit: ccfde6e27d9566bee596d41a2cc6f158af8595d5 (patch)
tree: afc718c79fd75ed746ea4796a045125d1aac4827 /net/ipv6
parent: a95691bc54af1ac4b12c354f91e9cabf1cb068df (diff)
parent: 38369f54d97dd7dc50c73a2797bfeb53c2e87d2d (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/net/ipv6/xfrm6_policy.c b/net/ipv6/xfrm6_policy.c
index 416fe67271a9..86dba282a147 100644
--- a/net/ipv6/xfrm6_policy.c
+++ b/net/ipv6/xfrm6_policy.c
@@ -126,7 +126,7 @@ _decode_session6(struct sk_buff *skb, struct flowi *fl, int reverse)
 	struct flowi6 *fl6 = &fl->u.ip6;
 	int onlyproto = 0;
 	const struct ipv6hdr *hdr = ipv6_hdr(skb);
-	u16 offset = sizeof(*hdr);
+	u32 offset = sizeof(*hdr);
 	struct ipv6_opt_hdr *exthdr;
 	const unsigned char *nh = skb_network_header(skb);
 	u16 nhoff = IP6CB(skb)->nhoff;
author	David S. Miller <davem@davemloft.net>	2018-06-01 13:25:41 -0400
committer	David S. Miller <davem@davemloft.net>	2018-06-01 13:25:41 -0400
commit	ccfde6e27d9566bee596d41a2cc6f158af8595d5 (patch)
tree	afc718c79fd75ed746ea4796a045125d1aac4827 /net/ipv6
parent	a95691bc54af1ac4b12c354f91e9cabf1cb068df (diff)
parent	38369f54d97dd7dc50c73a2797bfeb53c2e87d2d (diff)