30 lines
1.0 KiB
Diff
30 lines
1.0 KiB
Diff
From: Eric Dumazet <edumazet@google.com>
|
|
Date: Wed, 17 May 2017 07:16:40 -0700
|
|
Subject: sctp: do not inherit ipv6_{mc|ac|fl}_list from parent
|
|
Origin: https://git.kernel.org/linus/fdcee2cbb8438702ea1b328fb6e0ac5e9a40c7f8
|
|
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-9075
|
|
|
|
SCTP needs fixes similar to 83eaddab4378 ("ipv6/dccp: do not inherit
|
|
ipv6_mc_list from parent"), otherwise bad things can happen.
|
|
|
|
Signed-off-by: Eric Dumazet <edumazet@google.com>
|
|
Reported-by: Andrey Konovalov <andreyknvl@google.com>
|
|
Tested-by: Andrey Konovalov <andreyknvl@google.com>
|
|
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
---
|
|
net/sctp/ipv6.c | 3 +++
|
|
1 file changed, 3 insertions(+)
|
|
|
|
--- a/net/sctp/ipv6.c
|
|
+++ b/net/sctp/ipv6.c
|
|
@@ -666,6 +666,9 @@ static struct sock *sctp_v6_create_accep
|
|
newnp = inet6_sk(newsk);
|
|
|
|
memcpy(newnp, np, sizeof(struct ipv6_pinfo));
|
|
+ newnp->ipv6_mc_list = NULL;
|
|
+ newnp->ipv6_ac_list = NULL;
|
|
+ newnp->ipv6_fl_list = NULL;
|
|
|
|
rcu_read_lock();
|
|
opt = rcu_dereference(np->opt);
|