Author: marti                        Date: Thu May 19 20:21:33 2011 GMT
Module: packages                      Tag: HEAD
---- Log message:
- patch resolving CVE-2011-1927

---- Files affected:
packages/kernel:
   kernel-CVE-2011-1927.patch (NONE -> 1.1)  (NEW)

---- Diffs:

================================================================
Index: packages/kernel/kernel-CVE-2011-1927.patch
diff -u /dev/null packages/kernel/kernel-CVE-2011-1927.patch:1.1
--- /dev/null   Thu May 19 22:21:33 2011
+++ packages/kernel/kernel-CVE-2011-1927.patch  Thu May 19 22:21:28 2011
@@ -0,0 +1,52 @@
+diff -ur linux-2.6.38-orig/net/ipv4/ip_fragment.c linux-2.6.38/net/ipv4/ip_fragment.c
+--- linux-2.6.38-orig/net/ipv4/ip_fragment.c   2011-03-15 02:20:32.000000000 +0100
++++ linux-2.6.38/net/ipv4/ip_fragment.c        2011-05-19 22:17:57.229544248 +0200
+@@ -223,32 +223,31 @@
+ 
+       if ((qp->q.last_in & INET_FRAG_FIRST_IN) && qp->q.fragments != NULL) {
+               struct sk_buff *head = qp->q.fragments;
++              const struct iphdr *iph;
++              int err;
+ 
+               rcu_read_lock();
+               head->dev = dev_get_by_index_rcu(net, qp->iif);
+               if (!head->dev)
+                       goto out_rcu_unlock;
++              
++              /* skb dst is stale, drop it, and perform route lookup again */
++              skb_dst_drop(head);
++              iph = ip_hdr(head);
++              err = ip_route_input_noref(head, iph->daddr, iph->saddr,
++                                                                      iph->tos, head->dev);
++              if (err)
++                              goto out_rcu_unlock;
+ 
+               /*
+-               * Only search router table for the head fragment,
+-               * when defraging timeout at PRE_ROUTING HOOK.
++               * Only an end host needs to send an ICMP
++               * "Fragment Reassembly Timeout" message, per RFC792.
+                */
+-              if (qp->user == IP_DEFRAG_CONNTRACK_IN && !skb_dst(head)) {
+-                      const struct iphdr *iph = ip_hdr(head);
+-                      int err = ip_route_input(head, iph->daddr, iph->saddr,
+-                                               iph->tos, head->dev);
+-                      if (unlikely(err))
+-                              goto out_rcu_unlock;
+-
+-                      /*
+-                       * Only an end host needs to send an ICMP
+-                       * "Fragment Reassembly Timeout" message, per RFC792.
+-                       */
+-                      if (skb_rtable(head)->rt_type != RTN_LOCAL)
++              
++              if (qp->user == IP_DEFRAG_CONNTRACK_IN &&
++                      skb_rtable(head)->rt_type != RTN_LOCAL)
+                               goto out_rcu_unlock;
+ 
+-              }
+-
+               /* Send an ICMP "Fragment Reassembly Timeout" message. */
+               icmp_send(head, ICMP_TIME_EXCEEDED, ICMP_EXC_FRAGTIME, 0);
+ out_rcu_unlock:
+Tylko w linux-2.6.38/net/ipv4: ip_fragment.c~
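Review bot: The new patch file ends with a stray `Tylko w linux-2.6.38/net/ipv4: ip_fragment.c~` line (localized `diff -ur` "Only in" output for an editor backup file) and has no header naming the upstream change it was taken from, so the backport cannot be checked against its origin from this file alone. The added lines that contain only whitespace and the extra indent level on the first `goto out_rcu_unlock;` point the same way, suggesting the hunk was produced from a hand-edited tree rather than exported from the upstream commit. I would drop the `Tylko w` line, regenerate the hunk with kernel indentation, and add a header comment such as `# CVE-2011-1927: re-validate the route of the head fragment before icmp_send(); upstream commit <UPSTREAM_COMMIT_ID>`. The enclosing function starts and ends outside the hunk, so it is worth confirming against the full file that `icmp_send()` still runs before `out_rcu_unlock:`, because the route set by `ip_route_input_noref()` holds no reference and is only safe to use while the RCU read lock is held.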
================================================================