releases/4.8.14/esp4-fix-integrity-verification-when-esn-are-used.patch - pub/scm/linux/kernel/git/stable/stable-queue - Git at Google

 From 7c7fedd51c02f4418e8b2eed64bdab601f882aa4 Mon Sep 17 00:00:00 2001
 From: Tobias Brunner <tobias@strongswan.org>
 Date: Tue, 29 Nov 2016 17:05:20 +0100
 Subject: esp4: Fix integrity verification when ESN are used

 From: Tobias Brunner <tobias@strongswan.org>

 commit 7c7fedd51c02f4418e8b2eed64bdab601f882aa4 upstream.

 When handling inbound packets, the two halves of the sequence number
 stored on the skb are already in network order.

 Fixes: 7021b2e1cddd ("esp4: Switch to new AEAD interface")
 Signed-off-by: Tobias Brunner <tobias@strongswan.org>
 Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
 Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

 ---
  net/ipv4/esp4.c |    2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

 --- a/net/ipv4/esp4.c
 +++ b/net/ipv4/esp4.c
 @@ -476,7 +476,7 @@ static int esp_input(struct xfrm_state *
  		esph = (void *)skb_push(skb, 4);
  		*seqhi = esph->spi;
  		esph->spi = esph->seq_no;
 -		esph->seq_no = htonl(XFRM_SKB_CB(skb)->seq.input.hi);
 +		esph->seq_no = XFRM_SKB_CB(skb)->seq.input.hi;
  		aead_request_set_callback(req, 0, esp_input_done_esn, skb);
  	}
	From 7c7fedd51c02f4418e8b2eed64bdab601f882aa4 Mon Sep 17 00:00:00 2001
	From: Tobias Brunner <tobias@strongswan.org>
	Date: Tue, 29 Nov 2016 17:05:20 +0100
	Subject: esp4: Fix integrity verification when ESN are used

	From: Tobias Brunner <tobias@strongswan.org>

	commit 7c7fedd51c02f4418e8b2eed64bdab601f882aa4 upstream.

	When handling inbound packets, the two halves of the sequence number
	stored on the skb are already in network order.

	Fixes: 7021b2e1cddd ("esp4: Switch to new AEAD interface")
	Signed-off-by: Tobias Brunner <tobias@strongswan.org>
	Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
	Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

	---
	net/ipv4/esp4.c \| 2 +-
	1 file changed, 1 insertion(+), 1 deletion(-)

	--- a/net/ipv4/esp4.c
	+++ b/net/ipv4/esp4.c
	@@ -476,7 +476,7 @@ static int esp_input(struct xfrm_state *
	esph = (void *)skb_push(skb, 4);
	*seqhi = esph->spi;
	esph->spi = esph->seq_no;
	- esph->seq_no = htonl(XFRM_SKB_CB(skb)->seq.input.hi);
	+ esph->seq_no = XFRM_SKB_CB(skb)->seq.input.hi;
	aead_request_set_callback(req, 0, esp_input_done_esn, skb);
	}