[Acked] [Z/Y/X/T SRU] Fix CVE-2017-9075

Andy Whitcroft apw at canonical.com
Wed Jun 7 11:58:56 UTC 2017


On Wed, Jun 07, 2017 at 11:46:47AM +0200, Stefan Bader wrote:
> Patch applies as cherry-pick to all releases. Build-tested on Trusty
> amd64.
> 
> -Stefan
> 
> 
> ---
> 
> From fdcee2cbb8438702ea1b328fb6e0ac5e9a40c7f8 Mon Sep 17 00:00:00 2001
> From: Eric Dumazet <edumazet at google.com>
> Date: Wed, 17 May 2017 07:16:40 -0700
> Subject: [PATCH] sctp: do not inherit ipv6_{mc|ac|fl}_list from parent
> 
> SCTP needs fixes similar to 83eaddab4378 ("ipv6/dccp: do not inherit
> ipv6_mc_list from parent"), otherwise bad things can happen.
> 
> Signed-off-by: Eric Dumazet <edumazet at google.com>
> Reported-by: Andrey Konovalov <andreyknvl at google.com>
> Tested-by: Andrey Konovalov <andreyknvl at google.com>
> Signed-off-by: David S. Miller <davem at davemloft.net>
> 
> CVE-2017-9075
> 
> (cherry-picked from fdcee2cbb8438702ea1b328fb6e0ac5e9a40c7f8)
> Signed-off-by: Stefan Bader <stefan.bader at canonical.com>
> ---
>  net/sctp/ipv6.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c
> index 142b70e..f5b45b8 100644
> --- a/net/sctp/ipv6.c
> +++ b/net/sctp/ipv6.c
> @@ -677,6 +677,9 @@ static struct sock *sctp_v6_create_accept_sk(struct sock *sk,
>  	newnp = inet6_sk(newsk);
>  
>  	memcpy(newnp, np, sizeof(struct ipv6_pinfo));
> +	newnp->ipv6_mc_list = NULL;
> +	newnp->ipv6_ac_list = NULL;
> +	newnp->ipv6_fl_list = NULL;
>  
>  	rcu_read_lock();
>  	opt = rcu_dereference(np->opt);
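
Review bot: The three assignments added after the memcpy() in sctp_v6_create_accept_sk() carry no comment saying why they are needed, and the commit message only says "bad things can happen". Because memcpy(newnp, np, sizeof(struct ipv6_pinfo)) copies the parent's ipv6_mc_list, ipv6_ac_list and ipv6_fl_list pointer values verbatim, the new socket would otherwise alias lists that belong to the parent. A one-line comment above the assignments, for example /* do not inherit the parent's mc/ac/fl lists */, would keep a later rework of the copy from silently dropping them.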

Clean cherry-pick, looks to do what is claimed.

Acked-by: Andy Whitcroft <apw at canonical.com>

-apw



