CVE-2017-9075-sctp-do-not-inherit-ipv6_-mc-ac-fl-_list-from-parent.patch

   1 From eaa390df0e82e771601fa68482c4f022674e904f Mon Sep 17 00:00:00 2001
   2 From: Eric Dumazet <edumazet@google.com>
   3 Date: Wed, 17 May 2017 07:16:40 -0700
   4 Subject: [PATCH] sctp: do not inherit ipv6_{mc|ac|fl}_list from parent
   5 MIME-Version: 1.0
   6 Content-Type: text/plain; charset=UTF-8
   7 Content-Transfer-Encoding: 8bit
   8
   9 SCTP needs fixes similar to 83eaddab4378 ("ipv6/dccp: do not inherit
  10 ipv6_mc_list from parent"), otherwise bad things can happen.
  11
  12 Signed-off-by: Eric Dumazet <edumazet@google.com>
  13 Reported-by: Andrey Konovalov <andreyknvl@google.com>
  14 Tested-by: Andrey Konovalov <andreyknvl@google.com>
  15 Signed-off-by: David S. Miller <davem@davemloft.net>
  16
  17 CVE-2017-9075
  18
  19 (cherry-picked from fdcee2cbb8438702ea1b328fb6e0ac5e9a40c7f8)
  20 Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
  21 Acked-by: Colin King <colin.king@canonical.com>
  22 Acked-by: Andy Whitcroft <andy.whitcroft@canonical.com>
  23 Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
  24
  25 Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
  26 ---
  27  net/sctp/ipv6.c | 3 +++
  28  1 file changed, 3 insertions(+)
  29
  30 diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c
  31 index 64dfd35ccdcc..ef0ed6bb71e9 100644
  32 --- a/net/sctp/ipv6.c
  33 +++ b/net/sctp/ipv6.c
  34 @@ -666,6 +666,9 @@ static struct sock *sctp_v6_create_accept_sk(struct sock *sk,
  35         newnp = inet6_sk(newsk);
  36
  37         memcpy(newnp, np, sizeof(struct ipv6_pinfo));
  38 +       newnp->ipv6_mc_list = NULL;
  39 +       newnp->ipv6_ac_list = NULL;
  40 +       newnp->ipv6_fl_list = NULL;
  41
  42         rcu_read_lock();
  43         opt = rcu_dereference(np->opt);
  44 --
  45 2.11.0
  46