kernel: add a patch for cve-2011-1767/1768.

diff --git a/lfs/linux b/lfs/linux
index c39fb74d093bcaba0e05244f69631a6f58f7714d..ac85f202e373cd8410b28976d016c9936c03c123 100644 (file)
--- a/lfs/linux
+++ b/lfs/linux
@@ -125,6 +125,9 @@ else
        cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-2.6.32-imq-test2.patch
 endif
 
+       # Patch CVE 2011-1767 and 1768 dos hole
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-2.6.32.43-cve_2011_1767+1768.patch
+
        # Not report deprecated syscall 1.23 (for kudzu)
        cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-2.6.25.18-not_report_sysctl_1.23.patch
 

diff --git a/src/patches/linux-2.6.32.43-cve_2011_1767+1768.patch b/src/patches/linux-2.6.32.43-cve_2011_1767+1768.patch
new file mode 100644 (file)
index 0000000..076cce6
--- /dev/null
+++ b/src/patches/linux-2.6.32.43-cve_2011_1767+1768.patch
@@ -0,0 +1,137 @@
+diff -Naur linux-2.6.32.43.org/net/ipv4/ip_gre.c linux-2.6.32.43/net/ipv4/ip_gre.c
+--- linux-2.6.32.43.org/net/ipv4/ip_gre.c      2011-07-13 05:29:43.000000000 +0200
++++ linux-2.6.32.43/net/ipv4/ip_gre.c  2011-06-20 19:27:06.000000000 +0200
+@@ -1665,14 +1665,16 @@
+ 
+       printk(KERN_INFO "GRE over IPv4 tunneling driver\n");
+ 
+-      if (inet_add_protocol(&ipgre_protocol, IPPROTO_GRE) < 0) {
+-              printk(KERN_INFO "ipgre init: can't add protocol\n");
+-              return -EAGAIN;
+-      }
+-
+       err = register_pernet_gen_device(&ipgre_net_id, &ipgre_net_ops);
+       if (err < 0)
++              goto out;
++
++      err = inet_add_protocol(&ipgre_protocol, IPPROTO_GRE);
++      if (err < 0) {
++              printk(KERN_INFO "ipgre init: can't add protocol\n");
++              err = -EAGAIN;
+               goto gen_device_failed;
++      }
+ 
+       err = rtnl_link_register(&ipgre_link_ops);
+       if (err < 0)
+@@ -1688,9 +1690,9 @@
+ tap_ops_failed:
+       rtnl_link_unregister(&ipgre_link_ops);
+ rtnl_link_failed:
+-      unregister_pernet_gen_device(ipgre_net_id, &ipgre_net_ops);
+-gen_device_failed:
+       inet_del_protocol(&ipgre_protocol, IPPROTO_GRE);
++gen_device_failed:
++      unregister_pernet_gen_device(ipgre_net_id, &ipgre_net_ops);
+       goto out;
+ }
+ 
+@@ -1698,9 +1700,10 @@
+ {
+       rtnl_link_unregister(&ipgre_tap_ops);
+       rtnl_link_unregister(&ipgre_link_ops);
+-      unregister_pernet_gen_device(ipgre_net_id, &ipgre_net_ops);
+       if (inet_del_protocol(&ipgre_protocol, IPPROTO_GRE) < 0)
+               printk(KERN_INFO "ipgre close: can't remove protocol\n");
++      
++      unregister_pernet_gen_device(ipgre_net_id, &ipgre_net_ops);
+ }
+ 
+ module_init(ipgre_init);
+diff -Naur linux-2.6.32.43.org/net/ipv4/ipip.c linux-2.6.32.43/net/ipv4/ipip.c
+--- linux-2.6.32.43.org/net/ipv4/ipip.c        2011-07-13 05:29:43.000000000 +0200
++++ linux-2.6.32.43/net/ipv4/ipip.c    2011-06-20 19:27:06.000000000 +0200
+@@ -830,15 +830,14 @@
+ 
+       printk(banner);
+ 
+-      if (xfrm4_tunnel_register(&ipip_handler, AF_INET)) {
++      err = register_pernet_gen_device(&ipip_net_id, &ipip_net_ops);
++      if (err < 0)
++              return err;
++      err = xfrm4_tunnel_register(&ipip_handler, AF_INET);
++      if (err < 0) {
++              unregister_pernet_gen_device(ipip_net_id, &ipip_net_ops);
+               printk(KERN_INFO "ipip init: can't register tunnel\n");
+-              return -EAGAIN;
+       }
+-
+-      err = register_pernet_gen_device(&ipip_net_id, &ipip_net_ops);
+-      if (err)
+-              xfrm4_tunnel_deregister(&ipip_handler, AF_INET);
+-
+       return err;
+ }
+ 
+diff -Naur linux-2.6.32.43.org/net/ipv6/ip6_tunnel.c linux-2.6.32.43/net/ipv6/ip6_tunnel.c
+--- linux-2.6.32.43.org/net/ipv6/ip6_tunnel.c  2011-07-13 05:29:43.000000000 +0200
++++ linux-2.6.32.43/net/ipv6/ip6_tunnel.c      2011-06-20 19:27:06.000000000 +0200
+@@ -1466,10 +1465,14 @@
+ {
+       int  err;
+ 
++      err = register_pernet_gen_device(&ip6_tnl_net_id, &ip6_tnl_net_ops);
++      if (err < 0)
++              goto out;
++
+       if (xfrm6_tunnel_register(&ip4ip6_handler, AF_INET)) {
+               printk(KERN_ERR "ip6_tunnel init: can't register ip4ip6\n");
+               err = -EAGAIN;
+-              goto out;
++              goto unreg_pernet_dev;
+       }
+ 
+       if (xfrm6_tunnel_register(&ip6ip6_handler, AF_INET6)) {
+@@ -1478,14 +1481,12 @@
+               goto unreg_ip4ip6;
+       }
+ 
+-      err = register_pernet_gen_device(&ip6_tnl_net_id, &ip6_tnl_net_ops);
+-      if (err < 0)
+-              goto err_pernet;
+       return 0;
+-err_pernet:
+-      xfrm6_tunnel_deregister(&ip6ip6_handler, AF_INET6);
++
+ unreg_ip4ip6:
+       xfrm6_tunnel_deregister(&ip4ip6_handler, AF_INET);
++unreg_pernet_dev:
++      unregister_pernet_gen_device(ip6_tnl_net_id, &ip6_tnl_net_ops);
+ out:
+       return err;
+ }
+diff -Naur linux-2.6.32.43.org/net/ipv6/sit.c linux-2.6.32.43/net/ipv6/sit.c
+--- linux-2.6.32.43.org/net/ipv6/sit.c 2011-07-13 05:29:43.000000000 +0200
++++ linux-2.6.32.43/net/ipv6/sit.c     2011-06-20 19:27:06.000000000 +0200
+@@ -1086,15 +1086,17 @@
+ 
+       printk(KERN_INFO "IPv6 over IPv4 tunneling driver\n");
+ 
+-      if (xfrm4_tunnel_register(&sit_handler, AF_INET6) < 0) {
++      err = register_pernet_gen_device(&sit_net_id, &sit_net_ops);
++      if (err < 0)
++              return err;
++
++      err = xfrm4_tunnel_register(&sit_handler, AF_INET6);
++      if (err < 0) {
++              unregister_pernet_gen_device(sit_net_id, &sit_net_ops);
+               printk(KERN_INFO "sit init: Can't add protocol\n");
+               return -EAGAIN;
+       }
+ 
+-      err = register_pernet_gen_device(&sit_net_id, &sit_net_ops);
+-      if (err < 0)
+-              xfrm4_tunnel_deregister(&sit_handler, AF_INET6);
+-
+       return err;
+ }
+