[Acked] [PATCH Z/Y/X] ipv6/dccp: do not inherit ipv6_mc_list from parent

Andy Whitcroft apw at canonical.com
Wed Jun 7 12:02:10 UTC 2017 

On Wed, Jun 07, 2017 at 12:28:27PM +0200, Stefan Bader wrote:
> From: WANG Cong <xiyou.wangcong at gmail.com>
> 
> Like commit 657831ffc38e ("dccp/tcp: do not inherit mc_list from parent")
> we should clear ipv6_mc_list etc. for IPv6 sockets too.
> 
> Cc: Eric Dumazet <edumazet at google.com>
> Signed-off-by: Cong Wang <xiyou.wangcong at gmail.com>
> Acked-by: Eric Dumazet <edumazet at google.com>
> Signed-off-by: David S. Miller <davem at davemloft.net>
> 
> CVE-2017-9076
> 
> (cherry-picked from 83eaddab4378db256d00d295bda6ca997cd13a52)
> Signed-off-by: Stefan Bader <stefan.bader at canonical.com>
> ---
>  net/dccp/ipv6.c     | 6 ++++++
>  net/ipv6/tcp_ipv6.c | 2 ++
>  2 files changed, 8 insertions(+)
> 
> diff --git a/net/dccp/ipv6.c b/net/dccp/ipv6.c
> index d9b6a4e..b6bbb71 100644
> --- a/net/dccp/ipv6.c
> +++ b/net/dccp/ipv6.c
> @@ -426,6 +426,9 @@ static struct sock *dccp_v6_request_recv_sock(const struct sock *sk,
>  		newsk->sk_backlog_rcv = dccp_v4_do_rcv;
>  		newnp->pktoptions  = NULL;
>  		newnp->opt	   = NULL;
> +		newnp->ipv6_mc_list = NULL;
> +		newnp->ipv6_ac_list = NULL;
> +		newnp->ipv6_fl_list = NULL;
>  		newnp->mcast_oif   = inet6_iif(skb);
>  		newnp->mcast_hops  = ipv6_hdr(skb)->hop_limit;
>  
> @@ -490,6 +493,9 @@ static struct sock *dccp_v6_request_recv_sock(const struct sock *sk,
>  	/* Clone RX bits */
>  	newnp->rxopt.all = np->rxopt.all;
>  
> +	newnp->ipv6_mc_list = NULL;
> +	newnp->ipv6_ac_list = NULL;
> +	newnp->ipv6_fl_list = NULL;
>  	newnp->pktoptions = NULL;
>  	newnp->opt	  = NULL;
>  	newnp->mcast_oif  = inet6_iif(skb);
> diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
> index aeb9497..df5a9ff 100644
> --- a/net/ipv6/tcp_ipv6.c
> +++ b/net/ipv6/tcp_ipv6.c
> @@ -1062,6 +1062,7 @@ static struct sock *tcp_v6_syn_recv_sock(const struct sock *sk, struct sk_buff *
>  		newtp->af_specific = &tcp_sock_ipv6_mapped_specific;
>  #endif
>  
> +		newnp->ipv6_mc_list = NULL;
>  		newnp->ipv6_ac_list = NULL;
>  		newnp->ipv6_fl_list = NULL;
>  		newnp->pktoptions  = NULL;
> @@ -1131,6 +1132,7 @@ static struct sock *tcp_v6_syn_recv_sock(const struct sock *sk, struct sk_buff *
>  	   First: no IPv4 options.
>  	 */
>  	newinet->inet_opt = NULL;
> +	newnp->ipv6_mc_list = NULL;
>  	newnp->ipv6_ac_list = NULL;
>  	newnp->ipv6_fl_list = NULL;

Looks to do what is claimed, cherry-pick:

Acked-by: Andy Whitcroft <apw at canonical.com>

-apw

More information about the kernel-team mailing list