Linux v4.0-rc6-101-g0a4812798fae

2015-04-02 16:46:55 -04:00 · 2015-04-02 16:46:55 -04:00 · b6b5f47a14
commit b6b5f47a14
parent 92f85ec311
3 changed files with 5 additions and 54 deletions
--- a/ipv6-Don-t-reduce-hop-limit-for-an-interface.patch
+++ b/ipv6-Don-t-reduce-hop-limit-for-an-interface.patch
@ -1,46 +0,0 @@
 From: "D.S. Ljungmark" <ljungmark@modio.se>
 Date: Wed, 25 Mar 2015 09:28:15 +0100
 Subject: [PATCH] ipv6: Don't reduce hop limit for an interface
 A local route may have a lower hop_limit set than global routes do.
 RFC 3756, Section 4.2.7, "Parameter Spoofing"
 >   1.  The attacker includes a Current Hop Limit of one or another small
 >       number which the attacker knows will cause legitimate packets to
 >       be dropped before they reach their destination.
 >   As an example, one possible approach to mitigate this threat is to
 >   ignore very small hop limits.  The nodes could implement a
 >   configurable minimum hop limit, and ignore attempts to set it below
 >   said limit.
 Signed-off-by: D.S. Ljungmark <ljungmark@modio.se>
 Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
 ---
 net/ipv6/ndisc.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
 diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c
 index 471ed24aabae..14ecdaf06bf7 100644
 --- a/net/ipv6/ndisc.c
 +++ b/net/ipv6/ndisc.c
@@ -1218,7 +1218,14 @@ static void ndisc_router_discovery(struct sk_buff *skb)
 	if (rt)
 		rt6_set_expires(rt, jiffies + (HZ * lifetime));
 	if (ra_msg->icmph.icmp6_hop_limit) {
 -		in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
 +		/* Only set hop_limit on the interface if it is higher than
 +		 * the current hop_limit.
 +		 */
 +		if (in6_dev->cnf.hop_limit < ra_msg->icmph.icmp6_hop_limit) {
 +			in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
 +		} else {
 +			ND_PRINTK(2, warn, "RA: Got route advertisement with lower hop_limit than current\n");
 +		}
 		if (rt)
 			dst_metric_set(&rt->dst, RTAX_HOPLIMIT,
 				       ra_msg->icmph.icmp6_hop_limit);
 -- 
 2.1.0
--- a/kernel.spec
+++ b/kernel.spec
@ -68,7 +68,7 @@ Summary: The Linux kernel
 # The rc snapshot level
 %define rcrev 6
 # The git snapshot level
-%define gitrev 1
+%define gitrev 2
 # Set rpm version accordingly
 %define rpmversion 4.%{upstream_sublevel}.0
 %endif
@ -634,9 +634,6 @@ Patch26174: Input-ALPS-fix-max-coordinates-for-v5-and-v7-protoco.patch
 #CVE-2015-2150 rhbz 1196266 1200397
 Patch26175: xen-pciback-Don-t-disable-PCI_COMMAND-on-PCI-device-.patch
 #CVE-2015-XXXX rhbz 1203712 1208491
 Patch26177: ipv6-Don-t-reduce-hop-limit-for-an-interface.patch
 # END OF PATCH DEFINITIONS
 %endif
@ -1382,9 +1379,6 @@ ApplyPatch Input-ALPS-fix-max-coordinates-for-v5-and-v7-protoco.patch
 #CVE-2015-2150 rhbz 1196266 1200397
 ApplyPatch xen-pciback-Don-t-disable-PCI_COMMAND-on-PCI-device-.patch
 #CVE-2015-XXXX rhbz 1203712 1208491
 ApplyPatch ipv6-Don-t-reduce-hop-limit-for-an-interface.patch
 # END OF PATCH APPLICATIONS
 %endif
@ -2235,6 +2229,9 @@ fi
 #
 # 
 %changelog
 * Thu Apr 02 2015 Josh Boyer <jwboyer@fedoraproject.org> - 4.0.0-0.rc6.git2.1
 - Linux v4.0-rc6-101-g0a4812798fae
 * Thu Apr 02 2015 Josh Boyer <jwboyer@fedoraproject.org>
 - DoS against IPv6 stacks due to improper handling of RA (rhbz 1203712 1208491)
--- a/2
+++ b/2
@ -1,3 +1,3 @@
 bec0aeeacab2852d9a17ccbfa7e280f8  linux-4.0-rc6.tar.xz
 260f7a6cccde97c91b2e79eb93049820  perf-man-4.0-rc6.tar.gz
-1254e2b5f72b55b8df6fc4a4caae2ff1  patch-4.0-rc6-git1.xz
+9c5164f5f19edaf4c78df0b2e7e4a047  patch-4.0-rc6-git2.xz