In ipsec_common_input_cb() ensure that the packet size does not overflow
the maximum packet size before writing the value back to the IP header.
IPv4 and IPv6 have slightly different rules and so do it per AF.
OK millert@

Include the padding length when testing the remaining bytes in an octet
string, to prevent a size_t underflow on a malformed packet and make us run
into infinity.
Same diff as for snmpd

Template peers need to check xp->rdesession to know if the RDE has the
session running or not. Right now it checks the template itself which
is never synced.
OK tb@

Include the padding length when testing the remaining bytes in an octet
string, to prevent a size_t underflow on a malformed packet and make us run
into infinity.
OK deraadt@

Typecast idx to size_t so that the comparison is safe on 32bit arch.
idx < 0 was already checked so casting this value from signed to unsigned
is safe.
OK tb@

Improve path_calc_hash()
Includes other attributes into the hash calculation and also adjust
the span of hashed elements of struct rde_aspath to exclude
aspa_generation. On top of this reshuffle the siphash calls to
work on 64bit values first and only then other sizes.
OK tb@

Fix treat as withdraw handling for invalid ORIGIN attributes
If a prefix triggers the F_ATTR_PARSE_ERR case and therefore an RFC 7606
treat as withdraw rde_attr_parse() needs to return a success and not -1.
The return (-1) was missed when the RFC 7606 handling was added.
Move the F_ATTR_ORIGIN marker up to be more in line with other attributes.
OK tb@

Fix two memory accounting issues in chash
- ch_table_resize() did not increase the global cc_num_extendible value
- ch_sub_free() can be called with NULL pointer arguments and in that
case the accounting must be skipped
OK tb@

Use simpler logic to ensure path_id_tx is never 0
There is a theoretical case where the 0 conflict would be missed if
this arc4random() returned 0 for the first peer.
OK tb@

Convert the control_accept pauseaccept timeout to a deadline.
In rev. 1.525 of session.c the pauseaccept was converted to a deadline.
This part was missed in this conversion.
OK tb@

drm/amdgpu: fix zero-size GDS range init on RDNA4
From Arjan van de Ven
30c000a49094ec568c9b51b7421f7a4a3f0b0298 in linux-6.18.y/6.18.27
095a8b0ad3c3b5cdc3850d961adb8a8f735220bb in mainline linux

amdgpu/jpeg: fix deepsleep register for jpeg 5_0_0 and 5_0_2
From David (Ming Qiang) Wu
f7d9d0e4a64fe42c4f25e2a4fbabe3887efbb490 in linux-6.18.y/6.18.27
e90dc3b2d73986610476b02c29d0074aa4d92fb0 in mainline linux

drm/amd: Fix set but not used warnings
From Tiezhu Yang
77eb3e79a3e75b1dff8d8a8a6772a7d0ceaeccb5 in linux-6.18.y/6.18.27
46791d147d3ab3262298478106ef2a52fc7192e2 in mainline linux

Get rid of struct dtls1_retransmit_state.
In order to retransmit DTLS messages we potentially need to use the
record protection from a previous epoch. However, DTLS currently also
saves and restores the session, which is unnecessary - all of the
record protection and keys are handled in the TLS record layer.
Remove the rather useless dtls1_retransmit_state struct and just
keep the epoch - keeping pointers hanging around to sessions is pretty
nasty and unnecessary.
ok kenjiro@ tb@

Avoid use of uninitialised decode_error variable.
Pull initialisation of decode_error and invalid_key up to
tls_key_share_{client,server}_peer_public(), which are the entry points
for the key share code. The entry point was previously
tls_key_share_peer_public(), however with the introduction of MLKEM this
was split into separate client and server functions, without the
initialisation being included. Also initialise decode_error and
invalid_params on entry to tls_key_share_peer_params().
Code that reaches tls_key_share_client_peer_public_mlkem768x25519() could
previously result in code branching based on decode_error, which is
uninitialised stack based memory.
Thanks to Guido Vranken of Aisle Research for reporting this issue.
With and ok tb@

Add checks to make sure that the ELF header and program header fit into
the data we read from the on-disk shared library. These checks should
only fail for malformed shared libraries, but failing to load a shared
library is better than crashing the program because of an out-of-bounds
access.
Issue found by Frank Denis using the Swival Security Scanner.
ok guenther@

Fix a regression in rev. 1.269 reported by anton@.
Due to unveil(2), mansearch() can no longer change back to the initial
working directory. But check_xr() calls mansearch(), so the main program
needs to change back if -T lint or -W style is requested, such that these
work even when multiple relative file names are given on the command line.
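
Added example, not code from any of the commits above: one way to write the kind of check the shared-library commit describes, verifying that an ELF64 header and its program header table lie inside the bytes actually read. The names elf64_headers_fit() and make_sample() are hypothetical; the sample header is constructed, and fields are read in host byte order as a loader for the native ABI would.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define EHDR64_SIZE 64	/* sizeof(Elf64_Ehdr) */
#define PHDR64_SIZE 56	/* sizeof(Elf64_Phdr) */

/* Read host-endian fields from the buffer without alignment assumptions. */
static uint64_t rd64(const unsigned char *p) { uint64_t v; memcpy(&v, p, sizeof v); return v; }
static uint16_t rd16(const unsigned char *p) { uint16_t v; memcpy(&v, p, sizeof v); return v; }

/* Return 0 if the ELF64 header and the whole program header table lie
 * inside the first `len` bytes read from the file, -1 otherwise. */
int
elf64_headers_fit(const unsigned char *buf, size_t len)
{
	uint64_t phoff, phsize;

	if (len < EHDR64_SIZE)				/* header truncated */
		return -1;
	if (memcmp(buf, "\177ELF", 4) != 0 || buf[4] != 2)	/* magic, ELFCLASS64 */
		return -1;
	if (rd16(buf + 54) != PHDR64_SIZE)		/* e_phentsize */
		return -1;
	phoff = rd64(buf + 32);				/* e_phoff */
	phsize = (uint64_t)rd16(buf + 56) * PHDR64_SIZE;	/* e_phnum entries, no overflow */
	/* Compare by subtraction so that phoff + phsize can never wrap. */
	if (phoff > len || phsize > len - phoff)
		return -1;
	return 0;
}

/* Constructed sample: minimal header with `phnum` entries at `phoff`; len >= 64. */
void
make_sample(unsigned char *buf, size_t len, uint64_t phoff, uint16_t phnum)
{
	uint16_t entsz = PHDR64_SIZE;

	memset(buf, 0, len);
	memcpy(buf, "\177ELF", 4);
	buf[4] = 2;
	memcpy(buf + 32, &phoff, sizeof phoff);
	memcpy(buf + 54, &entsz, sizeof entsz);
	memcpy(buf + 56, &phnum, sizeof phnum);
}
```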