Contents of /genpatches-2.6/trunk/2.6.14/1492_16.1_block-inetid-during-rst.patch

Revision 381
Thu Apr 13 15:29:29 2006 UTC (14 years, 6 months ago) by johnm
File MIME type: text/x-diff
File size: 1629 byte(s)
Applying appropriate CVE fixes
1 From stable-bounces@linux.kernel.org Wed Mar 22 14:36:39 2006
2 Date: Wed, 22 Mar 2006 14:34:42 -0800 (PST)
3 From: "David S. Miller" <davem@davemloft.net>
4 To: stable@kernel.org
5 Cc:
6 Subject: [PATCH] TCP: Do not use inet->id of global tcp_socket when sending RST (CVE-2006-1242)
7
8 From: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
9
10
11 The problem is in ip_push_pending_frames(), which uses:
12
13 if (!df) {
14 __ip_select_ident(iph, &rt->u.dst, 0);
15 } else {
16 iph->id = htons(inet->id++);
17 }
18
19 instead of ip_select_ident().
20
21 Right now I think the code is a nonsense. Most likely, I copied it from
22 old ip_build_xmit(), where it was really special, we had to decide
23 whether to generate unique ID when generating the first (well, the last)
24 fragment.
25
26 In ip_push_pending_frames() it does not make sense, it should use plain
27 ip_select_ident() instead.
28
29 Signed-off-by: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
30 Signed-off-by: David S. Miller <davem@davemloft.net>
31 Signed-off-by: Chris Wright <chrisw@sous-sol.org>
32 Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
33 ---
34
35 net/ipv4/ip_output.c | 6 +-----
36 1 file changed, 1 insertion(+), 5 deletions(-)
37
38 --- linux-2.6.16.orig/net/ipv4/ip_output.c
39 +++ linux-2.6.16/net/ipv4/ip_output.c
40 @@ -1249,11 +1249,7 @@ int ip_push_pending_frames(struct sock *
41 iph->tos = inet->tos;
42 iph->tot_len = htons(skb->len);
43 iph->frag_off = df;
44 - if (!df) {
45 - __ip_select_ident(iph, &rt->u.dst, 0);
46 - } else {
47 - iph->id = htons(inet->id++);
48 - }
49 + ip_select_ident(iph, &rt->u.dst, sk);
50 iph->ttl = ttl;
51 iph->protocol = sk->sk_protocol;
52 iph->saddr = rt->rt_src;
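
Review bot: The description never connects the removed DF branch, `iph->id = htons(inet->id++);`, to the RST case named in the subject, so it is unclear from the message why `ip_select_ident(iph, &rt->u.dst, sk)` is safe for the global tcp_socket when the old branch was not. Please add a sentence saying what the helper does differently with `sk` in that case. The new call also no longer tests the local `df`, so it presumably depends on `iph->frag_off = df;` having been assigned on the line above; a short comment noting that ordering would keep a later reshuffle from silently changing which ID path is taken. Separately, the file headers name linux-2.6.16 while this patch is filed under the 2.6.14 tree, so confirm the context at line 1249 applies cleanly there.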