CVE-2017-9076_9077-ipv6-dccp-do-not-inherit-ipv6_mc_list-from-parent.patch

   1 From ef8ae9e80ab0846763c6405968852e19c9a87782 Mon Sep 17 00:00:00 2001
   2 From: WANG Cong <xiyou.wangcong@gmail.com>
   3 Date: Wed, 7 Jun 2017 12:28:27 +0200
   4 Subject: [PATCH] ipv6/dccp: do not inherit ipv6_mc_list from parent
   5 MIME-Version: 1.0
   6 Content-Type: text/plain; charset=UTF-8
   7 Content-Transfer-Encoding: 8bit
   8
   9 Like commit 657831ffc38e ("dccp/tcp: do not inherit mc_list from parent")
  10 we should clear ipv6_mc_list etc. for IPv6 sockets too.
  11
  12 Cc: Eric Dumazet <edumazet@google.com>
  13 Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
  14 Acked-by: Eric Dumazet <edumazet@google.com>
  15 Signed-off-by: David S. Miller <davem@davemloft.net>
  16
  17 CVE-2017-9076
  18 CVE-2017-9077
  19
  20 (cherry-picked from 83eaddab4378db256d00d295bda6ca997cd13a52)
  21 Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
  22 Acked-by: Colin Ian King <colin.king@canonical.com>
  23 Acked-by: Andy Whitcroft <apw@canonical.com>
  24 Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
  25
  26 Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
  27 ---
  28  net/dccp/ipv6.c     | 6 ++++++
  29  net/ipv6/tcp_ipv6.c | 2 ++
  30  2 files changed, 8 insertions(+)
  31
  32 diff --git a/net/dccp/ipv6.c b/net/dccp/ipv6.c
  33 index 2f3e8bbe2cb9..8f41327c1edf 100644
  34 --- a/net/dccp/ipv6.c
  35 +++ b/net/dccp/ipv6.c
  36 @@ -426,6 +426,9 @@ static struct sock *dccp_v6_request_recv_sock(const struct sock *sk,
  37                 newsk->sk_backlog_rcv = dccp_v4_do_rcv;
  38                 newnp->pktoptions  = NULL;
  39                 newnp->opt         = NULL;
  40 +               newnp->ipv6_mc_list = NULL;
  41 +               newnp->ipv6_ac_list = NULL;
  42 +               newnp->ipv6_fl_list = NULL;
  43                 newnp->mcast_oif   = inet6_iif(skb);
  44                 newnp->mcast_hops  = ipv6_hdr(skb)->hop_limit;
  45
  46 @@ -490,6 +493,9 @@ static struct sock *dccp_v6_request_recv_sock(const struct sock *sk,
  47         /* Clone RX bits */
  48         newnp->rxopt.all = np->rxopt.all;
  49
  50 +       newnp->ipv6_mc_list = NULL;
  51 +       newnp->ipv6_ac_list = NULL;
  52 +       newnp->ipv6_fl_list = NULL;
  53         newnp->pktoptions = NULL;
  54         newnp->opt        = NULL;
  55         newnp->mcast_oif  = inet6_iif(skb);
  56 diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
  57 index cfc232714139..c0ca1218801b 100644
  58 --- a/net/ipv6/tcp_ipv6.c
  59 +++ b/net/ipv6/tcp_ipv6.c
  60 @@ -1055,6 +1055,7 @@ static struct sock *tcp_v6_syn_recv_sock(const struct sock *sk, struct sk_buff *
  61                 newtp->af_specific = &tcp_sock_ipv6_mapped_specific;
  62  #endif
  63
  64 +               newnp->ipv6_mc_list = NULL;
  65                 newnp->ipv6_ac_list = NULL;
  66                 newnp->ipv6_fl_list = NULL;
  67                 newnp->pktoptions  = NULL;
  68 @@ -1124,6 +1125,7 @@ static struct sock *tcp_v6_syn_recv_sock(const struct sock *sk, struct sk_buff *
  69            First: no IPv4 options.
  70          */
  71         newinet->inet_opt = NULL;
  72 +       newnp->ipv6_mc_list = NULL;
  73         newnp->ipv6_ac_list = NULL;
  74         newnp->ipv6_fl_list = NULL;
  75
  76 --
  77 2.11.0
  78