rpms
/
kernel
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

CVE-2014-2309 ipv6: crash due to router advertisment flooding (rhbz 1074471 1075064)

This commit is contained in:
Josh Boyer 2014-03-11 09:00:52 -04:00
parent e741d1dc9e
commit 93ec8b7d38
2 changed files with 39 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
ipv6-dont-set-DST_NOCOUNT-for-remotely-added-routes.patch Normal file
View File

@ -0,0 +1,32 @@
Bugzilla: 1074471
Upstream-status: queued for 3.14
From c88507fbad8055297c1d1e21e599f46960cbee39 Mon Sep 17 00:00:00 2001
From: Sabrina Dubroca <sd@queasysnail.net>
Date: Thu, 06 Mar 2014 16:51:57 +0000
Subject: ipv6: don't set DST_NOCOUNT for remotely added routes
DST_NOCOUNT should only be used if an authorized user adds routes
locally. In case of routes which are added on behalf of router
advertisments this flag must not get used as it allows an unlimited
number of routes getting added remotely.
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index 11dac21..fba54a4 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -1513,7 +1513,7 @@ int ip6_route_add(struct fib6_config *cfg)
if (!table)
goto out;
- rt = ip6_dst_alloc(net, NULL, DST_NOCOUNT, table);
+ rt = ip6_dst_alloc(net, NULL, (cfg->fc_flags & RTF_ADDRCONF) ? 0 : DST_NOCOUNT, table);
if (!rt) {
err = -ENOMEM;
--
cgit v0.9.2

7
kernel.spec
View File

@ -646,6 +646,9 @@ Patch25035: Bluetooth-allocate-static-minor-for-vhci.patch
#Fixes module loading on ppc64le
Patch25036: ppc64le_module_fix.patch
#CVE-2014-2309 rhbz 1074471 1075064
Patch25037: ipv6-dont-set-DST_NOCOUNT-for-remotely-added-routes.patch
# END OF PATCH DEFINITIONS
%endif
@ -1299,6 +1302,9 @@ ApplyPatch Bluetooth-allocate-static-minor-for-vhci.patch
# Fixes module loading on ppc64le
ApplyPatch ppc64le_module_fix.patch
#CVE-2014-2309 rhbz 1074471 1075064
ApplyPatch ipv6-dont-set-DST_NOCOUNT-for-remotely-added-routes.patch
# END OF PATCH APPLICATIONS
%endif
@ -2079,6 +2085,7 @@ fi
# || ||
%changelog
* Tue Mar 11 2014 Josh Boyer <jwboyer@fedoraproject.org> - 3.14.0-0.rc6.git1.1
- CVE-2014-2309 ipv6: crash due to router advertisment flooding (rhbz 1074471 1075064)
- Linux v3.14-rc6-17-g8712a00
- Reenable debugging options.