Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next

Steffen Klassert says: ==================== pull request (net-next): ipsec-next 2017-09-01 This should be the last ipsec-next pull request for this release cycle: 1) Support netdevice ESP trailer removal when decryption is offloaded. From Yossi Kuperman. 2) Fix overwritten return value of copy_sec_ctx(). Please pull or let me know if there are problems. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
author: David S. Miller <davem@davemloft.net> 2017-09-01 09:57:04 -0700
committer: David S. Miller <davem@davemloft.net> 2017-09-01 09:57:04 -0700
commit: 08daaec742d170eabe7f8355c2f86fc8be166f10 (patch)
tree: 27f1f3eda0433788d05271cc1e8c7f06af23e973 /net/xfrm/xfrm_input.c
parent: 8fd682072335e98b53823c89efa4d2460e79a3d5 (diff)
parent: 8598112d04af21cf6c895670e72dcb8a9f58e74f (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/net/xfrm/xfrm_input.c b/net/xfrm/xfrm_input.c
index f07eec59dcae..2515cd2bc5db 100644
--- a/net/xfrm/xfrm_input.c
+++ b/net/xfrm/xfrm_input.c
@@ -247,6 +247,11 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type)
 					goto drop;
 				}
 
+				if (xo->status & CRYPTO_INVALID_PROTOCOL) {
+					XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATEPROTOERROR);
+					goto drop;
+				}
+
 				XFRM_INC_STATS(net, LINUX_MIB_XFRMINBUFFERERROR);
 				goto drop;
 			}
author	David S. Miller <davem@davemloft.net>	2017-09-01 09:57:04 -0700
committer	David S. Miller <davem@davemloft.net>	2017-09-01 09:57:04 -0700
commit	08daaec742d170eabe7f8355c2f86fc8be166f10 (patch)
tree	27f1f3eda0433788d05271cc1e8c7f06af23e973 /net/xfrm/xfrm_input.c
parent	8fd682072335e98b53823c89efa4d2460e79a3d5 (diff)
parent	8598112d04af21cf6c895670e72dcb8a9f58e74f (diff)