[PATCH 0/2] Backport commits for CVE-2016-8645
Dan Streetman
dan.streetman at canonical.com
Tue May 2 16:43:14 UTC 2017

The second commit provides the fix for CVE-2016-8645, while the first
commit only updates sk_filter() to introduce sk_filter_trim_cap() which
is used by the second commit.

The CVE issue is the tcp stack does not expect truncation of filtered
packets; the second commit limits the amount of truncation and updates
TCP_SKB_CB(skb)->end_seq.

Note also that the first (prereq only) commit is only partially backported;
it also included a change to net/rose/rose_in.c, but that is not required
for this CVE, and so I left it out of the backport patch.

Eric Dumazet (1):
  tcp: take care of truncations done by sk_filter()

Willem de Bruijn (1):
  rose: limit sk_filter trim to payload

 include/linux/filter.h |  7 ++++++-
 include/net/tcp.h      |  1 +
 net/core/filter.c      |  9 +++++----
 net/ipv4/tcp_ipv4.c    | 19 ++++++++++++++++++-
 net/ipv6/tcp_ipv6.c    |  6 ++++--
 5 files changed, 34 insertions(+), 8 deletions(-)
--
2.11.0
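
The truncation problem described in the cover letter, as a user-space model added here for illustration; it is not code from the patches or from the kernel. The struct, the function names and the sample values are hypothetical, and the model assumes the trim cap is the TCP header length.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy stand-in for an skb holding one TCP segment (not the kernel struct). */
struct seg {
    uint32_t len;      /* bytes in the buffer: TCP header + payload */
    uint32_t hdr_len;  /* TCP header length in bytes */
    uint32_t seq;      /* first sequence number covered */
    uint32_t end_seq;  /* seq + payload length (SYN/FIN ignored here) */
};

/* Unbounded trim: the filter verdict alone decides how much is kept. */
static void filter_trim(struct seg *s, uint32_t keep)
{
    if (keep < s->len)
        s->len = keep;
}

/* Capped trim: never cut below `cap`, then shrink end_seq by what was removed. */
static void filter_trim_cap(struct seg *s, uint32_t keep, uint32_t cap)
{
    uint32_t before = s->len;

    if (keep < cap)
        keep = cap;
    if (keep < s->len)
        s->len = keep;
    s->end_seq -= before - s->len;
}

/* What the receive path assumes: full header present, seq range == payload. */
static int seg_consistent(const struct seg *s)
{
    return s->len >= s->hdr_len &&
           s->end_seq - s->seq == s->len - s->hdr_len;
}

/* Constructed sample: 20-byte header, 100 bytes of payload. */
static struct seg sample_seg(void)
{
    struct seg s = { .len = 120, .hdr_len = 20, .seq = 1000, .end_seq = 1100 };
    return s;
}

int main(void)
{
    struct seg a = sample_seg(), b = sample_seg();
    filter_trim(&a, 4);
    filter_trim_cap(&b, 4, b.hdr_len);
    printf("unbounded: %d, capped: %d\n", seg_consistent(&a), seg_consistent(&b));
    return 0;
}
```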