packages: kernel/kernel-CVE-2011-1927.patch (NEW) - patch resolving CVE-201...
marti
marti at pld-linux.org
Thu May 19 22:21:33 CEST 2011
Author: marti Date: Thu May 19 20:21:33 2011 GMT
Module: packages Tag: HEAD
---- Log message:
- patch resolving CVE-2011-1927
---- Files affected:
packages/kernel:
kernel-CVE-2011-1927.patch (NONE -> 1.1) (NEW)
---- Diffs:
================================================================
Index: packages/kernel/kernel-CVE-2011-1927.patch
diff -u /dev/null packages/kernel/kernel-CVE-2011-1927.patch:1.1
--- /dev/null Thu May 19 22:21:33 2011
+++ packages/kernel/kernel-CVE-2011-1927.patch Thu May 19 22:21:28 2011
@@ -0,0 +1,52 @@
+diff -ur linux-2.6.38-orig/net/ipv4/ip_fragment.c linux-2.6.38/net/ipv4/ip_fragment.c
+--- linux-2.6.38-orig/net/ipv4/ip_fragment.c 2011-03-15 02:20:32.000000000 +0100
++++ linux-2.6.38/net/ipv4/ip_fragment.c 2011-05-19 22:17:57.229544248 +0200
+@@ -223,32 +223,31 @@
+
+ if ((qp->q.last_in & INET_FRAG_FIRST_IN) && qp->q.fragments != NULL) {
+ struct sk_buff *head = qp->q.fragments;
++ const struct iphdr *iph;
++ int err;
+
+ rcu_read_lock();
+ head->dev = dev_get_by_index_rcu(net, qp->iif);
+ if (!head->dev)
+ goto out_rcu_unlock;
++
++ /* skb dst is stale, drop it, and perform route lookup again */
++ skb_dst_drop(head);
++ iph = ip_hdr(head);
++ err = ip_route_input_noref(head, iph->daddr, iph->saddr,
++ iph->tos, head->dev);
++ if (err)
++ goto out_rcu_unlock;
+
+ /*
+- * Only search router table for the head fragment,
+- * when defraging timeout at PRE_ROUTING HOOK.
++ * Only an end host needs to send an ICMP
++ * "Fragment Reassembly Timeout" message, per RFC792.
+ */
+- if (qp->user == IP_DEFRAG_CONNTRACK_IN && !skb_dst(head)) {
+- const struct iphdr *iph = ip_hdr(head);
+- int err = ip_route_input(head, iph->daddr, iph->saddr,
+- iph->tos, head->dev);
+- if (unlikely(err))
+- goto out_rcu_unlock;
+-
+- /*
+- * Only an end host needs to send an ICMP
+- * "Fragment Reassembly Timeout" message, per RFC792.
+- */
+- if (skb_rtable(head)->rt_type != RTN_LOCAL)
++
++ if (qp->user == IP_DEFRAG_CONNTRACK_IN &&
++ skb_rtable(head)->rt_type != RTN_LOCAL)
+ goto out_rcu_unlock;
+
+- }
+-
+ /* Send an ICMP "Fragment Reassembly Timeout" message. */
+ icmp_send(head, ICMP_TIME_EXCEEDED, ICMP_EXC_FRAGTIME, 0);
+ out_rcu_unlock:
+Tylko w linux-2.6.38/net/ipv4: ip_fragment.c~
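Review bot: The last line of the added patch, `Tylko w linux-2.6.38/net/ipv4: ip_fragment.c~`, is a localized `diff -r` "Only in" message about an editor backup file, not part of the fix. It should be dropped, or the patch regenerated from a tree without the backup file, so the file carries only the `ip_fragment.c` change. The patch file also has no header, so a leading line such as `# CVE-2011-1927 fix, taken from upstream commit <UPSTREAM_COMMIT_ID>` would let a later audit confirm that it matches upstream. On the code itself, `skb_rtable(head)` is now reached only after the `err` check on `ip_route_input_noref()`, and the unreferenced route is used only before `out_rcu_unlock` in the visible lines. The enclosing function begins and ends outside the inner hunk, so the unlock itself cannot be checked from here.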
================================================================