Commit 3ccd42b3 authored by Dann Frazier's avatar Dann Frazier

* Fix ipv6 rfc conformance issue introduced in 2.6.18.dfsg.1-13 by the

  fix for CVE-2007-2242. Thanks to Brian Haley for the patch.
  (closes: #440127)

svn path=/dists/etch/linux-2.6/; revision=9493
parent d51abb55
......@@ -24,8 +24,11 @@ linux-2.6 (2.6.18.dfsg.1-14) UNRELEASED; urgency=high
***THIS PATCH HAS NOT YET BEEN VERIFIED TO FIX THIS BUG***
* bugfix/reset-pdeathsig-on-suid-upstream.patch
Update fix for CVE-2007-3848 with the patch accepted upstream
* Fix ipv6 rfc conformance issue introduced in 2.6.18.dfsg.1-13 by the
fix for CVE-2007-2242. Thanks to Brian Haley for the patch.
(closes: #440127)
-- dann frazier <dannf@debian.org> Mon, 03 Sep 2007 23:33:06 -0600
-- dann frazier <dannf@debian.org> Mon, 10 Sep 2007 22:56:21 -0600
linux-2.6 (2.6.18.dfsg.1-13etch2) stable-security; urgency=high
......
diff --git a/net/ipv6/exthdrs.c b/net/ipv6/exthdrs.c
index 95a9eb5..6e9822d 100644
--- a/net/ipv6/exthdrs.c
+++ b/net/ipv6/exthdrs.c
@@ -249,12 +249,6 @@ static int ipv6_rthdr_rcv(struct sk_buff **skbp)
hdr = (struct ipv6_rt_hdr *) skb->h.raw;
- if (hdr->type != IPV6_SRCRT_TYPE_0) {
- IP6_INC_STATS_BH(IPSTATS_MIB_INHDRERRORS);
- icmpv6_param_prob(skb, ICMPV6_HDR_FIELD, (&hdr->type) - skb->nh.raw);
- return -1;
- }
-
if (ipv6_addr_is_multicast(&skb->nh.ipv6h->daddr) ||
skb->pkt_type != PACKET_HOST) {
IP6_INC_STATS_BH(IPSTATS_MIB_INADDRERRORS);
@@ -273,6 +267,12 @@ looped_back:
return 1;
}
+ if (hdr->type != IPV6_SRCRT_TYPE_0) {
+ IP6_INC_STATS_BH(IPSTATS_MIB_INHDRERRORS);
+ icmpv6_param_prob(skb, ICMPV6_HDR_FIELD, (&hdr->type) - skb->nh.raw);
+ return -1;
+ }
+
if (hdr->hdrlen & 0x01) {
IP6_INC_STATS_BH(IPSTATS_MIB_INHDRERRORS);
icmpv6_param_prob(skb, ICMPV6_HDR_FIELD, (&hdr->hdrlen) - skb->nh.raw);
......@@ -14,3 +14,4 @@
+ bugfix/forcedeth-correct-mac-only-new.patch
- bugfix/reset-pdeathsig-on-suid.patch
+ bugfix/reset-pdeathsig-on-suid-upstream.patch
+ bugfix/ipv6-disallow-RH0-by-default-2.patch
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment