[kernel] r18740 - in dists/sid/linux-2.6/debian: . patches/bugfix/all patches/series
Ben Hutchings
benh at alioth.debian.org
Sun Feb 26 17:16:18 UTC 2012
Author: benh
Date: Sun Feb 26 17:16:17 2012
New Revision: 18740
Log:
ipsec: be careful of non existing mac headers (Closes: #660804)
Added:
dists/sid/linux-2.6/debian/patches/bugfix/all/ipsec-be-careful-of-non-existing-mac-headers.patch
Modified:
dists/sid/linux-2.6/debian/changelog
dists/sid/linux-2.6/debian/patches/series/base
Modified: dists/sid/linux-2.6/debian/changelog
==============================================================================
--- dists/sid/linux-2.6/debian/changelog Sun Feb 26 16:48:43 2012 (r18739)
+++ dists/sid/linux-2.6/debian/changelog Sun Feb 26 17:16:17 2012 (r18740)
@@ -23,6 +23,7 @@
* [mips/r5k-ip32] Enable INPUT_SGI_BTNS (previously INPUT_SGIO2_BTNS)
* [powerpc/powerpc64] Enable IBM_EMAC (previously IBM_NEW_EMAC)
* [x86] drm/i915: do not enable RC6p on Sandy Bridge (Closes: #660265)
+ * ipsec: be careful of non existing mac headers (Closes: #660804)
[ Bastian Blank ]
* Don't advertise Xen support for rt images. (closes: #659988)
Added: dists/sid/linux-2.6/debian/patches/bugfix/all/ipsec-be-careful-of-non-existing-mac-headers.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/sid/linux-2.6/debian/patches/bugfix/all/ipsec-be-careful-of-non-existing-mac-headers.patch Sun Feb 26 17:16:17 2012 (r18740)
@@ -0,0 +1,142 @@
+From: Eric Dumazet <eric.dumazet at gmail.com>
+Date: Thu, 23 Feb 2012 10:55:02 +0000
+Subject: [PATCH] ipsec: be careful of non existing mac headers
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+commit 03606895cd98c0a628b17324fd7b5ff15db7e3cd upstream.
+
+Niccolo Belli reported ipsec crashes in case we handle a frame without
+mac header (atm in his case)
+
+Before copying mac header, better make sure it is present.
+
+Bugzilla reference: https://bugzilla.kernel.org/show_bug.cgi?id=42809
+
+Reported-by: Niccolò Belli <darkbasic at linuxsystems.it>
+Tested-by: Niccolò Belli <darkbasic at linuxsystems.it>
+Signed-off-by: Eric Dumazet <eric.dumazet at gmail.com>
+Signed-off-by: David S. Miller <davem at davemloft.net>
+---
+ include/linux/skbuff.h | 10 ++++++++++
+ net/ipv4/xfrm4_mode_beet.c | 5 +----
+ net/ipv4/xfrm4_mode_tunnel.c | 6 ++----
+ net/ipv6/xfrm6_mode_beet.c | 6 +-----
+ net/ipv6/xfrm6_mode_tunnel.c | 6 ++----
+ 5 files changed, 16 insertions(+), 17 deletions(-)
+
+diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
+index 50db9b0..ae86ade 100644
+--- a/include/linux/skbuff.h
++++ b/include/linux/skbuff.h
+@@ -1465,6 +1465,16 @@ static inline void skb_set_mac_header(struct sk_buff *skb, const int offset)
+ }
+ #endif /* NET_SKBUFF_DATA_USES_OFFSET */
+
++static inline void skb_mac_header_rebuild(struct sk_buff *skb)
++{
++ if (skb_mac_header_was_set(skb)) {
++ const unsigned char *old_mac = skb_mac_header(skb);
++
++ skb_set_mac_header(skb, -skb->mac_len);
++ memmove(skb_mac_header(skb), old_mac, skb->mac_len);
++ }
++}
++
+ static inline int skb_checksum_start_offset(const struct sk_buff *skb)
+ {
+ return skb->csum_start - skb_headroom(skb);
+diff --git a/net/ipv4/xfrm4_mode_beet.c b/net/ipv4/xfrm4_mode_beet.c
+index 6341818..e3db3f9 100644
+--- a/net/ipv4/xfrm4_mode_beet.c
++++ b/net/ipv4/xfrm4_mode_beet.c
+@@ -110,10 +110,7 @@ static int xfrm4_beet_input(struct xfrm_state *x, struct sk_buff *skb)
+
+ skb_push(skb, sizeof(*iph));
+ skb_reset_network_header(skb);
+-
+- memmove(skb->data - skb->mac_len, skb_mac_header(skb),
+- skb->mac_len);
+- skb_set_mac_header(skb, -skb->mac_len);
++ skb_mac_header_rebuild(skb);
+
+ xfrm4_beet_make_header(skb);
+
+diff --git a/net/ipv4/xfrm4_mode_tunnel.c b/net/ipv4/xfrm4_mode_tunnel.c
+index 534972e..ed4bf11 100644
+--- a/net/ipv4/xfrm4_mode_tunnel.c
++++ b/net/ipv4/xfrm4_mode_tunnel.c
+@@ -66,7 +66,6 @@ static int xfrm4_mode_tunnel_output(struct xfrm_state *x, struct sk_buff *skb)
+
+ static int xfrm4_mode_tunnel_input(struct xfrm_state *x, struct sk_buff *skb)
+ {
+- const unsigned char *old_mac;
+ int err = -EINVAL;
+
+ if (XFRM_MODE_SKB_CB(skb)->protocol != IPPROTO_IPIP)
+@@ -84,10 +83,9 @@ static int xfrm4_mode_tunnel_input(struct xfrm_state *x, struct sk_buff *skb)
+ if (!(x->props.flags & XFRM_STATE_NOECN))
+ ipip_ecn_decapsulate(skb);
+
+- old_mac = skb_mac_header(skb);
+- skb_set_mac_header(skb, -skb->mac_len);
+- memmove(skb_mac_header(skb), old_mac, skb->mac_len);
+ skb_reset_network_header(skb);
++ skb_mac_header_rebuild(skb);
++
+ err = 0;
+
+ out:
+diff --git a/net/ipv6/xfrm6_mode_beet.c b/net/ipv6/xfrm6_mode_beet.c
+index a81ce94..9949a35 100644
+--- a/net/ipv6/xfrm6_mode_beet.c
++++ b/net/ipv6/xfrm6_mode_beet.c
+@@ -80,7 +80,6 @@ static int xfrm6_beet_output(struct xfrm_state *x, struct sk_buff *skb)
+ static int xfrm6_beet_input(struct xfrm_state *x, struct sk_buff *skb)
+ {
+ struct ipv6hdr *ip6h;
+- const unsigned char *old_mac;
+ int size = sizeof(struct ipv6hdr);
+ int err;
+
+@@ -90,10 +89,7 @@ static int xfrm6_beet_input(struct xfrm_state *x, struct sk_buff *skb)
+
+ __skb_push(skb, size);
+ skb_reset_network_header(skb);
+-
+- old_mac = skb_mac_header(skb);
+- skb_set_mac_header(skb, -skb->mac_len);
+- memmove(skb_mac_header(skb), old_mac, skb->mac_len);
++ skb_mac_header_rebuild(skb);
+
+ xfrm6_beet_make_header(skb);
+
+diff --git a/net/ipv6/xfrm6_mode_tunnel.c b/net/ipv6/xfrm6_mode_tunnel.c
+index 261e6e6..9f2095b 100644
+--- a/net/ipv6/xfrm6_mode_tunnel.c
++++ b/net/ipv6/xfrm6_mode_tunnel.c
+@@ -63,7 +63,6 @@ static int xfrm6_mode_tunnel_output(struct xfrm_state *x, struct sk_buff *skb)
+ static int xfrm6_mode_tunnel_input(struct xfrm_state *x, struct sk_buff *skb)
+ {
+ int err = -EINVAL;
+- const unsigned char *old_mac;
+
+ if (XFRM_MODE_SKB_CB(skb)->protocol != IPPROTO_IPV6)
+ goto out;
+@@ -80,10 +79,9 @@ static int xfrm6_mode_tunnel_input(struct xfrm_state *x, struct sk_buff *skb)
+ if (!(x->props.flags & XFRM_STATE_NOECN))
+ ipip6_ecn_decapsulate(skb);
+
+- old_mac = skb_mac_header(skb);
+- skb_set_mac_header(skb, -skb->mac_len);
+- memmove(skb_mac_header(skb), old_mac, skb->mac_len);
+ skb_reset_network_header(skb);
++ skb_mac_header_rebuild(skb);
++
+ err = 0;
+
+ out:
+--
+1.7.9.1
+
Modified: dists/sid/linux-2.6/debian/patches/series/base
==============================================================================
--- dists/sid/linux-2.6/debian/patches/series/base Sun Feb 26 16:48:43 2012 (r18739)
+++ dists/sid/linux-2.6/debian/patches/series/base Sun Feb 26 17:16:17 2012 (r18740)
@@ -80,3 +80,4 @@
+ bugfix/all/builddeb-Don-t-create-files-in-tmp-with-predictable-.patch
+ bugfix/x86/drm-i915-do-not-enable-RC6p-on-Sandy-Bridge.patch
+ bugfix/x86/drm-i915-fix-operator-precedence-when-enabling-RC6p.patch
++ bugfix/all/ipsec-be-careful-of-non-existing-mac-headers.patch
More information about the Kernel-svn-changes
mailing list