[Acked] [PATCH Trusty] ipv6/dccp: do not inherit ipv6_mc_list from parent

Andy Whitcroft apw at canonical.com
Wed Jun 7 12:02:32 UTC 2017


On Wed, Jun 07, 2017 at 12:28:28PM +0200, Stefan Bader wrote:
> From: WANG Cong <xiyou.wangcong at gmail.com>
> 
> Like commit 657831ffc38e ("dccp/tcp: do not inherit mc_list from parent")
> we should clear ipv6_mc_list etc. for IPv6 sockets too.
> 
> Cc: Eric Dumazet <edumazet at google.com>
> Signed-off-by: Cong Wang <xiyou.wangcong at gmail.com>
> Acked-by: Eric Dumazet <edumazet at google.com>
> Signed-off-by: David S. Miller <davem at davemloft.net>
> 
> CVE-2017-9076
> 
> (backported from 83eaddab4378db256d00d295bda6ca997cd13a52)
> [manual placement of hunk#2 net/dccp/ipv6.c]
> Signed-off-by: Stefan Bader <stefan.bader at canonical.com>
> ---
>  net/dccp/ipv6.c     | 7 +++++++
>  net/ipv6/tcp_ipv6.c | 2 ++
>  2 files changed, 9 insertions(+)
> 
> diff --git a/net/dccp/ipv6.c b/net/dccp/ipv6.c
> index cf5bdc0..9dacede 100644
> --- a/net/dccp/ipv6.c
> +++ b/net/dccp/ipv6.c
> @@ -482,6 +482,9 @@ static struct sock *dccp_v6_request_recv_sock(struct sock *sk,
>  		newsk->sk_backlog_rcv = dccp_v4_do_rcv;
>  		newnp->pktoptions  = NULL;
>  		newnp->opt	   = NULL;
> +		newnp->ipv6_mc_list = NULL;
> +		newnp->ipv6_ac_list = NULL;
> +		newnp->ipv6_fl_list = NULL;
>  		newnp->mcast_oif   = inet6_iif(skb);
>  		newnp->mcast_hops  = ipv6_hdr(skb)->hop_limit;
>  
> @@ -557,6 +560,10 @@ static struct sock *dccp_v6_request_recv_sock(struct sock *sk,
>  	/* Clone RX bits */
>  	newnp->rxopt.all = np->rxopt.all;
>  
> +	newnp->ipv6_mc_list = NULL;
> +	newnp->ipv6_ac_list = NULL;
> +	newnp->ipv6_fl_list = NULL;
> +
>  	/* Clone pktoptions received with SYN */
>  	newnp->pktoptions = NULL;
>  	if (ireq->pktopts != NULL) {
> diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
> index 69ee798..71d86e7 100644
> --- a/net/ipv6/tcp_ipv6.c
> +++ b/net/ipv6/tcp_ipv6.c
> @@ -1131,6 +1131,7 @@ static struct sock * tcp_v6_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
>  		newtp->af_specific = &tcp_sock_ipv6_mapped_specific;
>  #endif
>  
> +		newnp->ipv6_mc_list = NULL;
>  		newnp->ipv6_ac_list = NULL;
>  		newnp->ipv6_fl_list = NULL;
>  		newnp->pktoptions  = NULL;
> @@ -1198,6 +1199,7 @@ static struct sock * tcp_v6_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
>  	   First: no IPv4 options.
>  	 */
>  	newinet->inet_opt = NULL;
> +	newnp->ipv6_mc_list = NULL;
>  	newnp->ipv6_ac_list = NULL;
>  	newnp->ipv6_fl_list = NULL;
>  

Looks to do what is claimed.

Acked-by: Andy Whitcroft <apw at canonical.com>

-apw




More information about the kernel-team mailing list