From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Tue, 16 Jan 2018 17:44:20 +0000 (+0100)
Subject: drop revert-revert-xfrm-fix-stack-out-of-bounds-read-in-xfrm_state_find.patch from... 
X-Git-Tag: v3.18.92~1
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=bc2ab94cf9b45d0bbd13dc5ba562db0eb621be89;p=thirdparty%2Fkernel%2Fstable-queue.git

drop revert-revert-xfrm-fix-stack-out-of-bounds-read-in-xfrm_state_find.patch from 4.14
---

diff --git a/queue-4.14/revert-revert-xfrm-fix-stack-out-of-bounds-read-in-xfrm_state_find.patch b/queue-4.14/revert-revert-xfrm-fix-stack-out-of-bounds-read-in-xfrm_state_find.patch
deleted file mode 100644
index caebe280313..00000000000
--- a/queue-4.14/revert-revert-xfrm-fix-stack-out-of-bounds-read-in-xfrm_state_find.patch
+++ /dev/null
@@ -1,69 +0,0 @@
-From foo@baz Sat Jan 13 10:51:05 CET 2018
-From: "David S. Miller" <davem@davemloft.net>
-Date: Fri, 12 Jan 2018 16:09:58 -0500
-Subject: Revert "Revert "xfrm: Fix stack-out-of-bounds read in xfrm_state_find.""
-
-From: "David S. Miller" <davem@davemloft.net>
-
-
-This reverts commit 94802151894d482e82c324edf2c658f8e6b96508.
-
-It breaks transport mode when the policy template has
-wildcard addresses configured.
-
-Signed-off-by: David S. Miller <davem@davemloft.net>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- net/xfrm/xfrm_policy.c |   29 +++++++++++------------------
- 1 file changed, 11 insertions(+), 18 deletions(-)
-
---- a/net/xfrm/xfrm_policy.c
-+++ b/net/xfrm/xfrm_policy.c
-@@ -1362,36 +1362,29 @@ xfrm_tmpl_resolve_one(struct xfrm_policy
- 	struct net *net = xp_net(policy);
- 	int nx;
- 	int i, error;
--	xfrm_address_t *daddr = xfrm_flowi_daddr(fl, family);
--	xfrm_address_t *saddr = xfrm_flowi_saddr(fl, family);
- 	xfrm_address_t tmp;
- 
- 	for (nx = 0, i = 0; i < policy->xfrm_nr; i++) {
- 		struct xfrm_state *x;
--		xfrm_address_t *remote = daddr;
--		xfrm_address_t *local  = saddr;
-+		xfrm_address_t *local;
-+		xfrm_address_t *remote;
- 		struct xfrm_tmpl *tmpl = &policy->xfrm_vec[i];
- 
--		if (tmpl->mode == XFRM_MODE_TUNNEL ||
--		    tmpl->mode == XFRM_MODE_BEET) {
--			remote = &tmpl->id.daddr;
--			local = &tmpl->saddr;
--			if (xfrm_addr_any(local, tmpl->encap_family)) {
--				error = xfrm_get_saddr(net, fl->flowi_oif,
--						       &tmp, remote,
--						       tmpl->encap_family, 0);
--				if (error)
--					goto fail;
--				local = &tmp;
--			}
-+		remote = &tmpl->id.daddr;
-+		local = &tmpl->saddr;
-+		if (xfrm_addr_any(local, tmpl->encap_family)) {
-+			error = xfrm_get_saddr(net, fl->flowi_oif,
-+					       &tmp, remote,
-+					       tmpl->encap_family, 0);
-+			if (error)
-+				goto fail;
-+			local = &tmp;
- 		}
- 
- 		x = xfrm_state_find(remote, local, fl, tmpl, policy, &error, family);
- 
- 		if (x && x->km.state == XFRM_STATE_VALID) {
- 			xfrm[nx++] = x;
--			daddr = remote;
--			saddr = local;
- 			continue;
- 		}
- 		if (x) {
diff --git a/queue-4.14/series b/queue-4.14/series
index 6c2a5461030..336b9ac2637 100644
--- a/queue-4.14/series
+++ b/queue-4.14/series
@@ -50,7 +50,6 @@ net-sched-fix-update-of-lastuse-in-act-modules-implementing-stats_update.patch
 ipv6-sr-fix-tlvs-not-being-copied-using-setsockopt.patch
 mlxsw-spectrum-relax-sanity-checks-during-enslavement.patch
 sfp-fix-sfp-bus-oops-when-removing-socket-upstream.patch
-revert-revert-xfrm-fix-stack-out-of-bounds-read-in-xfrm_state_find.patch
 membarrier-disable-preemption-when-calling-smp_call_function_many.patch
 crypto-algapi-fix-null-dereference-in-crypto_remove_spawns.patch
 mmc-renesas_sdhi-add-module_license.patch