CVE-2014-2309 ipv6: crash due to router advertisment flooding (rhbz 1074471 1075064)
parent
329a89d823
commit
1dd978d38f
|
@ -0,0 +1,32 @@
|
|||
Bugzilla: 1074471
|
||||
Upstream-status: queued for 3.14
|
||||
|
||||
From c88507fbad8055297c1d1e21e599f46960cbee39 Mon Sep 17 00:00:00 2001
|
||||
From: Sabrina Dubroca <sd@queasysnail.net>
|
||||
Date: Thu, 06 Mar 2014 16:51:57 +0000
|
||||
Subject: ipv6: don't set DST_NOCOUNT for remotely added routes
|
||||
|
||||
DST_NOCOUNT should only be used if an authorized user adds routes
|
||||
locally. In case of routes which are added on behalf of router
|
||||
advertisments this flag must not get used as it allows an unlimited
|
||||
number of routes getting added remotely.
|
||||
|
||||
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
|
||||
Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
|
||||
Signed-off-by: David S. Miller <davem@davemloft.net>
|
||||
---
|
||||
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
|
||||
index 11dac21..fba54a4 100644
|
||||
--- a/net/ipv6/route.c
|
||||
+++ b/net/ipv6/route.c
|
||||
@@ -1513,7 +1513,7 @@ int ip6_route_add(struct fib6_config *cfg)
|
||||
if (!table)
|
||||
goto out;
|
||||
|
||||
- rt = ip6_dst_alloc(net, NULL, DST_NOCOUNT, table);
|
||||
+ rt = ip6_dst_alloc(net, NULL, (cfg->fc_flags & RTF_ADDRCONF) ? 0 : DST_NOCOUNT, table);
|
||||
|
||||
if (!rt) {
|
||||
err = -ENOMEM;
|
||||
--
|
||||
cgit v0.9.2
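Review bot: The replacement `ip6_dst_alloc()` call in `ip6_route_add()` puts the whole security decision into an inline ternary with no comment, on a line well past 80 columns. I would wrap the call and add above it `/* Routes added on behalf of router advertisements are remotely triggered and must be counted; only locally added routes may use DST_NOCOUNT. */`. The guard is only as strong as `RTF_ADDRCONF` being set in `cfg->fc_flags` by every path that adds routes for received advertisements. Those callers are not visible here, so that is worth confirming before relying on this as the complete fix for the flooding issue. Once these routes are counted, a flood presumably ends in the `err = -ENOMEM` branch shown just below, so that failure path is the one to watch in testing. The body of `ip6_route_add()` starts and ends outside the hunk.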
|
|
@ -794,6 +794,9 @@ Patch25039: Revert-xhci-1.0-Limit-arbitrarily-aligned-scatter-gather.patch
|
|||
#rhbz 1065663
|
||||
Patch25040: iwlwifi-dvm-clear-IWL_STA_UCODE_INPROGRESS-when-asso.patch
|
||||
|
||||
#CVE-2014-2309 rhbz 1074471 1075064
|
||||
Patch25041: ipv6-dont-set-DST_NOCOUNT-for-remotely-added-routes.patch
|
||||
|
||||
# END OF PATCH DEFINITIONS
|
||||
|
||||
%endif
|
||||
|
@ -1544,6 +1547,9 @@ ApplyPatch Revert-xhci-1.0-Limit-arbitrarily-aligned-scatter-gather.patch
|
|||
#rhbz 1065663
|
||||
ApplyPatch iwlwifi-dvm-clear-IWL_STA_UCODE_INPROGRESS-when-asso.patch
|
||||
|
||||
#CVE-2014-2309 rhbz 1074471 1075064
|
||||
ApplyPatch ipv6-dont-set-DST_NOCOUNT-for-remotely-added-routes.patch
|
||||
|
||||
# END OF PATCH APPLICATIONS
|
||||
|
||||
%endif
|
||||
|
@ -2355,6 +2361,9 @@ fi
|
|||
# ||----w |
|
||||
# || ||
|
||||
%changelog
|
||||
* Tue Mar 11 2014 Josh Boyer <jwboyer@fedoraproject.org>
|
||||
- CVE-2014-2309 ipv6: crash due to router advertisment flooding (rhbz 1074471 1075064)
|
||||
|
||||
* Fri Mar 07 2014 Justin M. Forbes <jforbes@fedoraproject.org> - 3.13.6-200
|
||||
- Linux v3.13.6
|
||||
|
||||
|
|