https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-1768
Two patches attached (order matters)
Cheers,
Moritz
commit e924960dacdf85d118a98c7262edf2f99c3015cf
Author: Alexey Dobriyan <[email protected]>
Date: Mon Jan 25 10:28:21 2010 +0000
netns xfrm: fixup xfrm6_tunnel error propagation
Signed-off-by: Alexey Dobriyan <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
diff --git a/net/ipv6/xfrm6_tunnel.c b/net/ipv6/xfrm6_tunnel.c
index 438831d..23fb100 100644
--- a/net/ipv6/xfrm6_tunnel.c
+++ b/net/ipv6/xfrm6_tunnel.c
@@ -353,13 +353,19 @@ static struct xfrm6_tunnel xfrm46_tunnel_handler = {
static int __init xfrm6_tunnel_init(void)
{
- if (xfrm_register_type(&xfrm6_tunnel_type, AF_INET6) < 0)
+ int rv;
+
+ rv = xfrm_register_type(&xfrm6_tunnel_type, AF_INET6);
+ if (rv < 0)
goto err;
- if (xfrm6_tunnel_register(&xfrm6_tunnel_handler, AF_INET6))
+ rv = xfrm6_tunnel_register(&xfrm6_tunnel_handler, AF_INET6);
+ if (rv < 0)
goto unreg;
- if (xfrm6_tunnel_register(&xfrm46_tunnel_handler, AF_INET))
+ rv = xfrm6_tunnel_register(&xfrm46_tunnel_handler, AF_INET);
+ if (rv < 0)
goto dereg6;
- if (xfrm6_tunnel_spi_init() < 0)
+ rv = xfrm6_tunnel_spi_init();
+ if (rv < 0)
goto dereg46;
return 0;
@@ -370,7 +376,7 @@ dereg6:
unreg:
xfrm_unregister_type(&xfrm6_tunnel_type, AF_INET6);
err:
- return -EAGAIN;
+ return rv;
}
static void __exit xfrm6_tunnel_fini(void)
commit d5aa407f59f5b83d2c50ec88f5bf56d40f1f8978
Author: Alexey Dobriyan <[email protected]>
Date: Tue Feb 16 09:05:04 2010 +0000
tunnels: fix netns vs proto registration ordering
Same stuff as in ip_gre patch: receive hook can be called before netns
setup is done, oopsing in net_generic().
Signed-off-by: Alexey Dobriyan <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
[dannf: backported to Debian's 2.6.26]
diff -urpN linux-source-2.6.26.orig/net/ipv4/ipip.c linux-source-2.6.26/net/ipv4/ipip.c
--- linux-source-2.6.26.orig/net/ipv4/ipip.c 2008-07-13 15:51:29.000000000 -0600
+++ linux-source-2.6.26/net/ipv4/ipip.c 2011-06-09 20:08:37.464943595 -0600
@@ -842,15 +842,14 @@ static int __init ipip_init(void)
printk(banner);
- if (xfrm4_tunnel_register(&ipip_handler, AF_INET)) {
+ err = register_pernet_gen_device(&ipip_net_id, &ipip_net_ops);
+ if (err < 0)
+ return err;
+ err = xfrm4_tunnel_register(&ipip_handler, AF_INET);
+ if (err < 0) {
+ unregister_pernet_device(&ipip_net_ops);
printk(KERN_INFO "ipip init: can't register tunnel\n");
- return -EAGAIN;
}
-
- err = register_pernet_gen_device(&ipip_net_id, &ipip_net_ops);
- if (err)
- xfrm4_tunnel_deregister(&ipip_handler, AF_INET);
-
return err;
}
diff -urpN linux-source-2.6.26.orig/net/ipv6/ip6_tunnel.c linux-source-2.6.26/net/ipv6/ip6_tunnel.c
--- linux-source-2.6.26.orig/net/ipv6/ip6_tunnel.c 2008-07-13 15:51:29.000000000 -0600
+++ linux-source-2.6.26/net/ipv6/ip6_tunnel.c 2011-06-09 20:13:03.276239292 -0600
@@ -1489,27 +1489,29 @@ static int __init ip6_tunnel_init(void)
{
int err;
- if (xfrm6_tunnel_register(&ip4ip6_handler, AF_INET)) {
+ err = register_pernet_device(&ip6_tnl_net_ops);
+ if (err < 0)
+ goto out_pernet;
+
+ err = xfrm6_tunnel_register(&ip4ip6_handler, AF_INET);
+ if (err < 0) {
printk(KERN_ERR "ip6_tunnel init: can't register ip4ip6\n");
- err = -EAGAIN;
- goto out;
+ goto out_ip4ip6;
}
- if (xfrm6_tunnel_register(&ip6ip6_handler, AF_INET6)) {
+ err = xfrm6_tunnel_register(&ip6ip6_handler, AF_INET6);
+ if (err < 0) {
printk(KERN_ERR "ip6_tunnel init: can't register ip6ip6\n");
- err = -EAGAIN;
- goto unreg_ip4ip6;
+ goto out_ip6ip6;
}
- err = register_pernet_gen_device(&ip6_tnl_net_id, &ip6_tnl_net_ops);
- if (err < 0)
- goto err_pernet;
return 0;
-err_pernet:
- xfrm6_tunnel_deregister(&ip6ip6_handler, AF_INET6);
-unreg_ip4ip6:
+
+out_ip6ip6:
xfrm6_tunnel_deregister(&ip4ip6_handler, AF_INET);
-out:
+out_ip4ip6:
+ unregister_pernet_device(&ip6_tnl_net_ops);
+out_pernet:
return err;
}
diff -urpN linux-source-2.6.26.orig/net/ipv6/sit.c linux-source-2.6.26/net/ipv6/sit.c
--- linux-source-2.6.26.orig/net/ipv6/sit.c 2008-07-13 15:51:29.000000000 -0600
+++ linux-source-2.6.26/net/ipv6/sit.c 2011-06-09 20:09:47.285806826 -0600
@@ -1082,15 +1082,14 @@ static int __init sit_init(void)
printk(KERN_INFO "IPv6 over IPv4 tunneling driver\n");
- if (xfrm4_tunnel_register(&sit_handler, AF_INET6) < 0) {
- printk(KERN_INFO "sit init: Can't add protocol\n");
- return -EAGAIN;
- }
-
err = register_pernet_gen_device(&sit_net_id, &sit_net_ops);
if (err < 0)
- xfrm4_tunnel_deregister(&sit_handler, AF_INET6);
-
+ return err;
+ err = xfrm4_tunnel_register(&sit_handler, AF_INET6);
+ if (err < 0) {
+ unregister_pernet_device(&sit_net_ops);
+ printk(KERN_INFO "sit init: Can't add protocol\n");
+ }
return err;
}
diff -urpN linux-source-2.6.26.orig/net/ipv6/xfrm6_tunnel.c linux-source-2.6.26/net/ipv6/xfrm6_tunnel.c
--- linux-source-2.6.26.orig/net/ipv6/xfrm6_tunnel.c 2011-06-09 21:11:53.125828225 -0600
+++ linux-source-2.6.26/net/ipv6/xfrm6_tunnel.c 2011-06-09 21:20:18.328528733 -0600
@@ -346,36 +346,36 @@ static int __init xfrm6_tunnel_init(void
{
int rv;
- rv = xfrm_register_type(&xfrm6_tunnel_type, AF_INET6);
+ rv = xfrm6_tunnel_spi_init();
if (rv < 0)
goto err;
+ rv = xfrm_register_type(&xfrm6_tunnel_type, AF_INET6);
+ if (rv < 0)
+ goto out_type;
rv = xfrm6_tunnel_register(&xfrm6_tunnel_handler, AF_INET6);
if (rv < 0)
- goto unreg;
+ goto out_xfrm6;
rv = xfrm6_tunnel_register(&xfrm46_tunnel_handler, AF_INET);
if (rv < 0)
- goto dereg6;
- rv = xfrm6_tunnel_spi_init();
- if (rv < 0)
- goto dereg46;
+ goto out_xfrm46;
return 0;
-dereg46:
- xfrm6_tunnel_deregister(&xfrm46_tunnel_handler, AF_INET);
-dereg6:
+out_xfrm46:
xfrm6_tunnel_deregister(&xfrm6_tunnel_handler, AF_INET6);
-unreg:
+out_xfrm6:
xfrm_unregister_type(&xfrm6_tunnel_type, AF_INET6);
+out_type:
+ xfrm6_tunnel_spi_fini();
err:
return rv;
}
static void __exit xfrm6_tunnel_fini(void)
{
- xfrm6_tunnel_spi_fini();
xfrm6_tunnel_deregister(&xfrm46_tunnel_handler, AF_INET);
xfrm6_tunnel_deregister(&xfrm6_tunnel_handler, AF_INET6);
xfrm_unregister_type(&xfrm6_tunnel_type, AF_INET6);
+ xfrm6_tunnel_spi_fini();
}
module_init(xfrm6_tunnel_init);
_______________________________________________
stable mailing list
[email protected]
http://linux.kernel.org/mailman/listinfo/stable
