CVE-2014-2309 ipv6: crash due to router advertisement flooding (rhbz 1074471 1075064)
parent e741d1dc9e
commit 93ec8b7d38
32
ipv6-dont-set-DST_NOCOUNT-for-remotely-added-routes.patch
Normal file
@ -0,0 +1,32 @@
|
|||||||
|
Bugzilla: 1074471
|
||||||
|
Upstream-status: queued for 3.14
|
||||||
|
|
||||||
|
From c88507fbad8055297c1d1e21e599f46960cbee39 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Sabrina Dubroca <sd@queasysnail.net>
|
||||||
|
Date: Thu, 06 Mar 2014 16:51:57 +0000
|
||||||
|
Subject: ipv6: don't set DST_NOCOUNT for remotely added routes
|
||||||
|
|
||||||
|
DST_NOCOUNT should only be used if an authorized user adds routes
|
||||||
|
locally. In case of routes which are added on behalf of router
|
||||||
|
advertisments this flag must not get used as it allows an unlimited
|
||||||
|
number of routes getting added remotely.
|
||||||
|
|
||||||
|
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
|
||||||
|
Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
|
||||||
|
Signed-off-by: David S. Miller <davem@davemloft.net>
|
||||||
|
---
|
||||||
|
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
|
||||||
|
index 11dac21..fba54a4 100644
|
||||||
|
--- a/net/ipv6/route.c
|
||||||
|
+++ b/net/ipv6/route.c
|
||||||
|
@@ -1513,7 +1513,7 @@ int ip6_route_add(struct fib6_config *cfg)
|
||||||
|
if (!table)
|
||||||
|
goto out;
|
||||||
|
|
||||||
|
- rt = ip6_dst_alloc(net, NULL, DST_NOCOUNT, table);
|
||||||
|
+ rt = ip6_dst_alloc(net, NULL, (cfg->fc_flags & RTF_ADDRCONF) ? 0 : DST_NOCOUNT, table);
|
||||||
|
|
||||||
|
if (!rt) {
|
||||||
|
err = -ENOMEM;
|
||||||
|
--
|
||||||
|
cgit v0.9.2
|
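Review bot: in the ip6_route_add hunk, the new ip6_dst_alloc() call packs the whole decision into an inline ternary on one over-long line with no comment, so the reason for testing RTF_ADDRCONF lives only in the commit message. Consider computing the flag in a local first, for example `int dst_flags = (cfg->fc_flags & RTF_ADDRCONF) ? 0 : DST_NOCOUNT;`, with a one-line comment that routes added on behalf of router advertisements must be counted, and passing `dst_flags` to ip6_dst_alloc(). The commit message could also say what bounds the routes once they are counted, since the diff itself only shows the flag changing.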
@ -646,6 +646,9 @@ Patch25035: Bluetooth-allocate-static-minor-for-vhci.patch
|
|||||||
#Fixes module loading on ppc64le
|
#Fixes module loading on ppc64le
|
||||||
Patch25036: ppc64le_module_fix.patch
|
Patch25036: ppc64le_module_fix.patch
|
||||||
|
|
||||||
|
#CVE-2014-2309 rhbz 1074471 1075064
|
||||||
|
Patch25037: ipv6-dont-set-DST_NOCOUNT-for-remotely-added-routes.patch
|
||||||
|
|
||||||
# END OF PATCH DEFINITIONS
|
# END OF PATCH DEFINITIONS
|
||||||
|
|
||||||
%endif
|
%endif
|
||||||
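Review bot: the comment above Patch25037 gives the CVE and bug numbers but not the patch's upstream state, although the patch file's own header says "Upstream-status: queued for 3.14"; repeating that here would make it clear the entry can be dropped at the rebase that picks the fix up. The patch header also lists only "Bugzilla: 1074471" while this comment lists 1074471 and 1075064, so one of the two should be brought in line with the other.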
@ -1299,6 +1302,9 @@ ApplyPatch Bluetooth-allocate-static-minor-for-vhci.patch
|
|||||||
# Fixes module loading on ppc64le
|
# Fixes module loading on ppc64le
|
||||||
ApplyPatch ppc64le_module_fix.patch
|
ApplyPatch ppc64le_module_fix.patch
|
||||||
|
|
||||||
|
#CVE-2014-2309 rhbz 1074471 1075064
|
||||||
|
ApplyPatch ipv6-dont-set-DST_NOCOUNT-for-remotely-added-routes.patch
|
||||||
|
|
||||||
# END OF PATCH APPLICATIONS
|
# END OF PATCH APPLICATIONS
|
||||||
|
|
||||||
%endif
|
%endif
|
||||||
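Review bot: the added comment `#CVE-2014-2309 rhbz 1074471 1075064` has no space after the `#`, while the comment directly above it in this section is written `# Fixes module loading on ppc64le`. Writing it as `# CVE-2014-2309 rhbz 1074471 1075064` keeps the ApplyPatch section consistent.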
@ -2079,6 +2085,7 @@ fi
|
|||||||
# || ||
|
# || ||
|
||||||
%changelog
|
%changelog
|
||||||
* Tue Mar 11 2014 Josh Boyer <jwboyer@fedoraproject.org> - 3.14.0-0.rc6.git1.1
|
* Tue Mar 11 2014 Josh Boyer <jwboyer@fedoraproject.org> - 3.14.0-0.rc6.git1.1
|
||||||
|
- CVE-2014-2309 ipv6: crash due to router advertisment flooding (rhbz 1074471 1075064)
|
||||||
- Linux v3.14-rc6-17-g8712a00
|
- Linux v3.14-rc6-17-g8712a00
|
||||||
- Reenable debugging options.
|
- Reenable debugging options.
|
||||||
|
|
||||||
|
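Review bot: the new changelog entry spells "advertisment"; it should read "advertisement", otherwise a search of the changelog for "router advertisement" will not find this CVE fix. The rest of the entry (CVE id followed by the rhbz numbers) matches the comment used in the patch definitions.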