CVE-2014-2309 ipv6: crash due to router advertisement flooding (rhbz 1074471 1075064)
parent e741d1dc9e
commit 93ec8b7d38
32
ipv6-dont-set-DST_NOCOUNT-for-remotely-added-routes.patch
Normal file
@ -0,0 +1,32 @@
Bugzilla: 1074471
Upstream-status: queued for 3.14
From c88507fbad8055297c1d1e21e599f46960cbee39 Mon Sep 17 00:00:00 2001
From: Sabrina Dubroca <sd@queasysnail.net>
Date: Thu, 06 Mar 2014 16:51:57 +0000
Subject: ipv6: don't set DST_NOCOUNT for remotely added routes
DST_NOCOUNT should only be used if an authorized user adds routes
locally. In case of routes which are added on behalf of router
advertisments this flag must not get used as it allows an unlimited
number of routes getting added remotely.
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index 11dac21..fba54a4 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -1513,7 +1513,7 @@ int ip6_route_add(struct fib6_config *cfg)
if (!table)
goto out;
- rt = ip6_dst_alloc(net, NULL, DST_NOCOUNT, table);
+ rt = ip6_dst_alloc(net, NULL, (cfg->fc_flags & RTF_ADDRCONF) ? 0 : DST_NOCOUNT, table);
if (!rt) {
err = -ENOMEM;
--
cgit v0.9.2
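Review bot: In the ip6_route_add() hunk of the carried patch, the DST_NOCOUNT decision rests entirely on `cfg->fc_flags & RTF_ADDRCONF`, so the limit on remotely added routes only holds if every path that installs a route on behalf of a router advertisement sets RTF_ADDRCONF in its fib6_config; please confirm that for the callers, since the hunk cannot show it. The inline ternary also pushes the ip6_dst_alloc() call well past 80 columns and carries no comment on why the flag is conditional; computing the flags in a local first, e.g. `int flags = (cfg->fc_flags & RTF_ADDRCONF) ? 0 : DST_NOCOUNT;`, with a one-line comment would read better. The header still says "Upstream-status: queued for 3.14", so record the final upstream commit id once it lands to make dropping this patch on the next rebase straightforward.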
@ -646,6 +646,9 @@ Patch25035: Bluetooth-allocate-static-minor-for-vhci.patch
#Fixes module loading on ppc64le
Patch25036: ppc64le_module_fix.patch
#CVE-2014-2309 rhbz 1074471 1075064
Patch25037: ipv6-dont-set-DST_NOCOUNT-for-remotely-added-routes.patch
# END OF PATCH DEFINITIONS
%endif
@ -1299,6 +1302,9 @@ ApplyPatch Bluetooth-allocate-static-minor-for-vhci.patch
# Fixes module loading on ppc64le
ApplyPatch ppc64le_module_fix.patch
#CVE-2014-2309 rhbz 1074471 1075064
ApplyPatch ipv6-dont-set-DST_NOCOUNT-for-remotely-added-routes.patch
# END OF PATCH APPLICATIONS
%endif
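Review bot: The new comment above the ApplyPatch line is written `#CVE-2014-2309 rhbz 1074471 1075064` with no space after the `#`, while the comment directly before it in this section reads `# Fixes module loading on ppc64le`; match the spacing. The comment also gives only the CVE and bug numbers, so a few words on what the patch addresses (crash due to router advertisement flooding), as the neighbouring comment does for its patch, would save the next reader a lookup.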
@ -2079,6 +2085,7 @@ fi
# || ||
%changelog
* Tue Mar 11 2014 Josh Boyer <jwboyer@fedoraproject.org> - 3.14.0-0.rc6.git1.1
- CVE-2014-2309 ipv6: crash due to router advertisment flooding (rhbz 1074471 1075064)
- Linux v3.14-rc6-17-g8712a00
- Reenable debugging options.
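Review bot: The added changelog line spells it "advertisment"; it should read "router advertisement flooding". The carried patch's commit message has the same misspelling ("advertisments"), which is upstream text and can stay as is, but the changelog entry is written here and should be corrected before it ships in the package metadata.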