CVE-2014-0100 net: inet frag race condition use-after-free (rhbz 1072026 1070618)
This commit is contained in:
parent
ec9e0da519
commit
db766ed90f
|
@ -785,6 +785,9 @@ Patch25029: audit-don-t-generate-loginuid-log-when-audit-disable.patch
|
|||
#CVE-2014-0101 rhbz 1072029 1070705
|
||||
Patch25030: net-net-sctp-fix-sctp_sf_do_5_1D_ce-to-verify-if-we-peer-is-AUTH-capable.patch
|
||||
|
||||
#CVE-2014-0100 rhbz 1072026 1070618
|
||||
Patch25031: net-fix-for-a-race-condition-in-the-inet-frag-code.patch
|
||||
|
||||
# END OF PATCH DEFINITIONS
|
||||
|
||||
%endif
|
||||
|
@ -1516,6 +1519,9 @@ ApplyPatch audit-don-t-generate-loginuid-log-when-audit-disable.patch
|
|||
#CVE-2014-0101 rhbz 1072029 1070705
|
||||
ApplyPatch net-net-sctp-fix-sctp_sf_do_5_1D_ce-to-verify-if-we-peer-is-AUTH-capable.patch
|
||||
|
||||
#CVE-2014-0100 rhbz 1072026 1070618
|
||||
ApplyPatch net-fix-for-a-race-condition-in-the-inet-frag-code.patch
|
||||
|
||||
# END OF PATCH APPLICATIONS
|
||||
|
||||
%endif
|
||||
|
@ -2329,6 +2335,7 @@ fi
|
|||
|
||||
%changelog
|
||||
* Mon Mar 03 2014 Josh Boyer <jwboyer@fedoraproject.org>
|
||||
- CVE-2014-0100 net: inet frag race condition use-after-free (rhbz 1072026 1070618)
|
||||
- CVE-2014-0101 sctp: null ptr deref when processing auth cookie_echo chunk (rhbz 1070209 1070705)
|
||||
- Fix overly verbose audit logs (rhbz 1066064)
|
||||
|
||||
|
|
|
@ -0,0 +1,19 @@
|
|||
Bugzilla: 1070618
|
||||
Upstream-status: submitted http://patchwork.ozlabs.org/patch/325844/
|
||||
|
||||
diff --git a/net/ipv4/inet_fragment.c b/net/ipv4/inet_fragment.c
|
||||
index bb075fc9a14f..322dcebfc588 100644
|
||||
--- a/net/ipv4/inet_fragment.c
|
||||
+++ b/net/ipv4/inet_fragment.c
|
||||
@@ -278,9 +278,10 @@ static struct inet_frag_queue *inet_frag_intern(struct netns_frags *nf,
|
||||
|
||||
atomic_inc(&qp->refcnt);
|
||||
hlist_add_head(&qp->list, &hb->chain);
|
||||
+ inet_frag_lru_add(nf, qp);
|
||||
spin_unlock(&hb->chain_lock);
|
||||
read_unlock(&f->lock);
|
||||
- inet_frag_lru_add(nf, qp);
|
||||
+
|
||||
return qp;
|
||||
}
|
||||
|
Loading…
Reference in New Issue