[stable] Security fixes for 2.6.32.x [3/4]

Fri, 15 Jul 2011 11:24:41 -0700 

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-1767

Patch attached.

Cheers,
        Moritz

commit c2892f02712e9516d72841d5c019ed6916329794
Author: Alexey Dobriyan <[email protected]>
Date:   Tue Feb 16 07:57:44 2010 +0000

    gre: fix netns vs proto registration ordering
    
    GRE protocol receive hook can be called right after protocol addition is done.
    If netns stuff is not yet initialized, we're going to oops in
    net_generic().
    
    This is remotely oopsable if ip_gre is compiled as module and packet
    comes at unfortunate moment of module loading.
    
    Signed-off-by: Alexey Dobriyan <[email protected]>
    Signed-off-by: David S. Miller <[email protected]>
    [dannf: backported to Debian's 2.6.32]

diff -urpN linux-source-2.6.32.orig/net/ipv4/ip_gre.c linux-source-2.6.32/net/ipv4/ip_gre.c
--- linux-source-2.6.32.orig/net/ipv4/ip_gre.c	2011-05-03 09:29:08.000000000 -0600
+++ linux-source-2.6.32/net/ipv4/ip_gre.c	2011-05-17 01:27:46.115601639 -0600
@@ -1665,14 +1665,15 @@ static int __init ipgre_init(void)
 
 	printk(KERN_INFO "GRE over IPv4 tunneling driver\n");
 
-	if (inet_add_protocol(&ipgre_protocol, IPPROTO_GRE) < 0) {
-		printk(KERN_INFO "ipgre init: can't add protocol\n");
-		return -EAGAIN;
-	}
-
 	err = register_pernet_gen_device(&ipgre_net_id, &ipgre_net_ops);
 	if (err < 0)
-		goto gen_device_failed;
+		return err;
+
+	err = inet_add_protocol(&ipgre_protocol, IPPROTO_GRE);
+	if (err < 0) {
+		printk(KERN_INFO "ipgre init: can't add protocol\n");
+		goto add_proto_failed;
+	}
 
 	err = rtnl_link_register(&ipgre_link_ops);
 	if (err < 0)
@@ -1688,9 +1689,9 @@ out:
 tap_ops_failed:
 	rtnl_link_unregister(&ipgre_link_ops);
 rtnl_link_failed:
-	unregister_pernet_gen_device(ipgre_net_id, &ipgre_net_ops);
-gen_device_failed:
 	inet_del_protocol(&ipgre_protocol, IPPROTO_GRE);
+add_proto_failed:
+	unregister_pernet_gen_device(ipgre_net_id, &ipgre_net_ops);
 	goto out;
 }
 
@@ -1698,9 +1699,9 @@ static void __exit ipgre_fini(void)
 {
 	rtnl_link_unregister(&ipgre_tap_ops);
 	rtnl_link_unregister(&ipgre_link_ops);
-	unregister_pernet_gen_device(ipgre_net_id, &ipgre_net_ops);
 	if (inet_del_protocol(&ipgre_protocol, IPPROTO_GRE) < 0)
 		printk(KERN_INFO "ipgre close: can't remove protocol\n");
+	unregister_pernet_gen_device(ipgre_net_id, &ipgre_net_ops);
 }
 
 module_init(ipgre_init);

_______________________________________________
stable mailing list
[email protected]
http://linux.kernel.org/mailman/listinfo/stable

Reply via email to