[trusty/master-next 1/2] ipv6: dccp: add missing bind_conflict to dccp_ipv6_mapped
Andy Whitcroft
apw at canonical.com
Thu Jun 7 08:34:35 UTC 2018
From: Eric Dumazet <edumazet at google.com>
While fuzzing kernel with syzkaller, Andrey reported a nasty crash
in inet6_bind() caused by DCCP lacking a required method.
Fixes: ab1e0a13d7029 ("[SOCK] proto: Add hashinfo member to struct proto")
Signed-off-by: Eric Dumazet <edumazet at google.com>
Reported-by: Andrey Konovalov <andreyknvl at google.com>
Tested-by: Andrey Konovalov <andreyknvl at google.com>
Cc: Arnaldo Carvalho de Melo <acme at redhat.com>
Acked-by: Arnaldo Carvalho de Melo <acme at redhat.com>
Signed-off-by: David S. Miller <davem at davemloft.net>
(cherry picked from commit 990ff4d84408fc55942ca6644f67e361737b3d8e)
CVE-2018-1130
Signed-off-by: Andy Whitcroft <apw at canonical.com>
---
net/dccp/ipv6.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/dccp/ipv6.c b/net/dccp/ipv6.c
index 9dacede72332..752317d1df39 100644
--- a/net/dccp/ipv6.c
+++ b/net/dccp/ipv6.c
@@ -1027,6 +1027,7 @@ static const struct inet_connection_sock_af_ops dccp_ipv6_mapped = {
.getsockopt = ipv6_getsockopt,
.addr2sockaddr = inet6_csk_addr2sockaddr,
.sockaddr_len = sizeof(struct sockaddr_in6),
+ .bind_conflict = inet6_csk_bind_conflict,
#ifdef CONFIG_COMPAT
.compat_setsockopt = compat_ipv6_setsockopt,
.compat_getsockopt = compat_ipv6_getsockopt,
--
2.17.0
More information about the kernel-team
mailing list