[Z/Y/X/T SRU] Fix CVE-2017-9075

Stefan Bader stefan.bader at canonical.com
Wed Jun 7 09:46:47 UTC 2017


Patch applies as cherry-pick to all releases. Build-tested on Trusty
amd64.

-Stefan


---

From fdcee2cbb8438702ea1b328fb6e0ac5e9a40c7f8 Mon Sep 17 00:00:00 2001
From: Eric Dumazet <edumazet at google.com>
Date: Wed, 17 May 2017 07:16:40 -0700
Subject: [PATCH] sctp: do not inherit ipv6_{mc|ac|fl}_list from parent

SCTP needs fixes similar to 83eaddab4378 ("ipv6/dccp: do not inherit
ipv6_mc_list from parent"), otherwise bad things can happen.

Signed-off-by: Eric Dumazet <edumazet at google.com>
Reported-by: Andrey Konovalov <andreyknvl at google.com>
Tested-by: Andrey Konovalov <andreyknvl at google.com>
Signed-off-by: David S. Miller <davem at davemloft.net>

CVE-2017-9075

(cherry-picked from fdcee2cbb8438702ea1b328fb6e0ac5e9a40c7f8)
Signed-off-by: Stefan Bader <stefan.bader at canonical.com>
---
 net/sctp/ipv6.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c
index 142b70e..f5b45b8 100644
--- a/net/sctp/ipv6.c
+++ b/net/sctp/ipv6.c
@@ -677,6 +677,9 @@ static struct sock *sctp_v6_create_accept_sk(struct sock *sk,
 	newnp = inet6_sk(newsk);
 
 	memcpy(newnp, np, sizeof(struct ipv6_pinfo));
+	newnp->ipv6_mc_list = NULL;
+	newnp->ipv6_ac_list = NULL;
+	newnp->ipv6_fl_list = NULL;
 
 	rcu_read_lock();
 	opt = rcu_dereference(np->opt);
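
Review bot: The three NULL assignments added directly after memcpy(newnp, np, sizeof(struct ipv6_pinfo)) carry no comment, and the commit message only says "bad things can happen", so a reader of sctp_v6_create_accept_sk() cannot tell why these particular fields are reset. Suggest a short comment above them saying that the memcpy copies the parent's ipv6_mc_list, ipv6_ac_list and ipv6_fl_list pointers and that the accepted socket must not share them with the listener. Because the whole struct is copied, it is also worth confirming during review that no other pointer member of struct ipv6_pinfo stays aliased to the parent; in the visible context only np->opt is handled separately, under rcu_read_lock().
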
-- 
2.7.4




