summaryrefslogtreecommitdiff
path: root/net/ipv6/xfrm6_policy.c
diff options
context:
space:
mode:
authorGreg Kroah-Hartman <gregkh@google.com>2018-07-03 18:23:34 +0200
committerGreg Kroah-Hartman <gregkh@google.com>2018-07-03 18:23:34 +0200
commit7ba55570970cdd9f14e81a98af451d6efc0e2cbc (patch)
treee7629204471bd5cdbff86fcbde74e316b3f454b8 /net/ipv6/xfrm6_policy.c
parentcf21a9ac5ee4f57c6f45fe2b09d197bdc038f39d (diff)
parent16af098616e73b39c4d98b0d4358cc29a9539c98 (diff)
Merge 4.4.139 into android-4.4
Changes in 4.4.139 xfrm6: avoid potential infinite loop in _decode_session6() netfilter: ebtables: handle string from userspace with care ipvs: fix buffer overflow with sync daemon and service atm: zatm: fix memcmp casting net: qmi_wwan: Add Netgear Aircard 779S net/sonic: Use dma_mapping_error() Revert "Btrfs: fix scrub to repair raid6 corruption" tcp: do not overshoot window_clamp in tcp_rcv_space_adjust() Btrfs: make raid6 rebuild retry more usb: musb: fix remote wakeup racing with suspend bonding: re-evaluate force_primary when the primary slave name changes tcp: verify the checksum of the first data segment in a new connection ext4: update mtime in ext4_punch_hole even if no blocks are released ext4: fix fencepost error in check for inode count overflow during resize driver core: Don't ignore class_dir_create_and_add() failure. btrfs: scrub: Don't use inode pages for device replace ALSA: hda - Handle kzalloc() failure in snd_hda_attach_pcm_stream() ALSA: hda: add dock and led support for HP EliteBook 830 G5 ALSA: hda: add dock and led support for HP ProBook 640 G4 cpufreq: Fix new policy initialization during limits updates via sysfs libata: zpodd: make arrays cdb static, reduces object code size libata: zpodd: small read overflow in eject_tray() libata: Drop SanDisk SD7UB3Q*G1001 NOLPM quirk w1: mxc_w1: Enable clock before calling clk_get_rate() on it fs/binfmt_misc.c: do not allow offset overflow x86/spectre_v1: Disable compiler optimizations over array_index_mask_nospec() m68k/mm: Adjust VM area to be unmapped by gap size for __iounmap() serial: sh-sci: Use spin_{try}lock_irqsave instead of open coding version signal/xtensa: Consistenly use SIGBUS in do_unaligned_user usb: do not reset if a low-speed or full-speed device timed out 1wire: family module autoload fails because of upper/lower case mismatch. ASoC: dapm: delete dapm_kcontrol_data paths list before freeing it ASoC: cirrus: i2s: Fix LRCLK configuration ASoC: cirrus: i2s: Fix {TX|RX}LinCtrlData setup lib/vsprintf: Remove atomic-unsafe support for %pCr mips: ftrace: fix static function graph tracing branch-check: fix long->int truncation when profiling branches ipmi:bt: Set the timeout before doing a capabilities check Bluetooth: hci_qca: Avoid missing rampatch failure with userspace fw loader fuse: atomic_o_trunc should truncate pagecache fuse: don't keep dead fuse_conn at fuse_fill_super(). fuse: fix control dir setup and teardown powerpc/mm/hash: Add missing isync prior to kernel stack SLB switch powerpc/ptrace: Fix setting 512B aligned breakpoints with PTRACE_SET_DEBUGREG powerpc/ptrace: Fix enforcement of DAWR constraints cpuidle: powernv: Fix promotion from snooze if next state disabled powerpc/fadump: Unregister fadump on kexec down path. ARM: 8764/1: kgdb: fix NUMREGBYTES so that gdb_regs[] is the correct size of: unittest: for strings, account for trailing \0 in property length field IB/qib: Fix DMA api warning with debug kernel RDMA/mlx4: Discard unknown SQP work requests mtd: cfi_cmdset_0002: Change write buffer to check correct value mtd: cfi_cmdset_0002: Use right chip in do_ppb_xxlock() mtd: cfi_cmdset_0002: fix SEGV unlocking multiple chips mtd: cfi_cmdset_0002: Fix unlocking requests crossing a chip boudary mtd: cfi_cmdset_0002: Avoid walking all chips when unlocking. MIPS: BCM47XX: Enable 74K Core ExternalSync for PCIe erratum PCI: pciehp: Clear Presence Detect and Data Link Layer Status Changed on resume MIPS: io: Add barrier after register read in inX() time: Make sure jiffies_to_msecs() preserves non-zero time periods Btrfs: fix clone vs chattr NODATASUM race iio:buffer: make length types match kfifo types scsi: qla2xxx: Fix setting lower transfer speed if GPSC fails scsi: zfcp: fix missing SCSI trace for result of eh_host_reset_handler scsi: zfcp: fix missing SCSI trace for retry of abort / scsi_eh TMF scsi: zfcp: fix misleading REC trigger trace where erp_action setup failed scsi: zfcp: fix missing REC trigger trace on terminate_rport_io early return scsi: zfcp: fix missing REC trigger trace on terminate_rport_io for ERP_FAILED scsi: zfcp: fix missing REC trigger trace for all objects in ERP_FAILED scsi: zfcp: fix missing REC trigger trace on enqueue without ERP thread linvdimm, pmem: Preserve read-only setting for pmem devices md: fix two problems with setting the "re-add" device state. ubi: fastmap: Cancel work upon detach UBIFS: Fix potential integer overflow in allocation xfrm: Ignore socket policies when rebuilding hash tables xfrm: skip policies marked as dead while rehashing backlight: as3711_bl: Fix Device Tree node lookup backlight: max8925_bl: Fix Device Tree node lookup backlight: tps65217_bl: Fix Device Tree node lookup mfd: intel-lpss: Program REMAP register in PIO mode perf tools: Fix symbol and object code resolution for vdso32 and vdsox32 perf intel-pt: Fix sync_switch INTEL_PT_SS_NOT_TRACING perf intel-pt: Fix decoding to accept CBR between FUP and corresponding TIP perf intel-pt: Fix MTC timing after overflow perf intel-pt: Fix "Unexpected indirect branch" error perf intel-pt: Fix packet decoding of CYC packets media: v4l2-compat-ioctl32: prevent go past max size media: cx231xx: Add support for AverMedia DVD EZMaker 7 media: dvb_frontend: fix locking issues at dvb_frontend_get_event() nfsd: restrict rd_maxcount to svc_max_payload in nfsd_encode_readdir NFSv4: Fix possible 1-byte stack overflow in nfs_idmap_read_and_verify_message video: uvesafb: Fix integer overflow in allocation Input: elan_i2c - add ELAN0618 (Lenovo v330 15IKB) ACPI ID xen: Remove unnecessary BUG_ON from __unbind_from_irq() udf: Detect incorrect directory size Input: elan_i2c_smbus - fix more potential stack buffer overflows Input: elantech - enable middle button of touchpads on ThinkPad P52 Input: elantech - fix V4 report decoding for module with middle key ALSA: hda/realtek - Add a quirk for FSC ESPRIMO U9210 Btrfs: fix unexpected cow in run_delalloc_nocow spi: Fix scatterlist elements size in spi_map_buf block: Fix transfer when chunk sectors exceeds max dm thin: handle running out of data space vs concurrent discard cdc_ncm: avoid padding beyond end of skb Bluetooth: Fix connection if directed advertising and privacy is used Linux 4.4.139 Change-Id: I93013bedf2ebe3e6a8718972d8854723609963cc Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Diffstat (limited to 'net/ipv6/xfrm6_policy.c')
-rw-r--r--net/ipv6/xfrm6_policy.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/net/ipv6/xfrm6_policy.c b/net/ipv6/xfrm6_policy.c
index 1a8608cc104c..4d0c7115f78e 100644
--- a/net/ipv6/xfrm6_policy.c
+++ b/net/ipv6/xfrm6_policy.c
@@ -124,7 +124,7 @@ _decode_session6(struct sk_buff *skb, struct flowi *fl, int reverse)
struct flowi6 *fl6 = &fl->u.ip6;
int onlyproto = 0;
const struct ipv6hdr *hdr = ipv6_hdr(skb);
- u16 offset = sizeof(*hdr);
+ u32 offset = sizeof(*hdr);
struct ipv6_opt_hdr *exthdr;
const unsigned char *nh = skb_network_header(skb);
u16 nhoff = IP6CB(skb)->nhoff;