From 18520692cd1788be8b6bd3d9bc4c9f63826875f2 Mon Sep 17 00:00:00 2001
From: Arne Fitzenreiter <arne_f@ipfire.org>
Date: Mon, 25 Jul 2011 20:25:28 +0200
Subject: [PATCH] kernel: add a patch for cve-2011-1767/1768.

---
 lfs/linux                                     |   3 +
 .../linux-2.6.32.43-cve_2011_1767+1768.patch  | 137 ++++++++++++++++++
 2 files changed, 140 insertions(+)
 create mode 100644 src/patches/linux-2.6.32.43-cve_2011_1767+1768.patch

diff --git a/lfs/linux b/lfs/linux
index c39fb74d09..ac85f202e3 100644
--- a/lfs/linux
+++ b/lfs/linux
@@ -125,6 +125,9 @@ else
 	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-2.6.32-imq-test2.patch
 endif
 
+	# Patch CVE 2011-1767 and 1768 dos hole
+	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-2.6.32.43-cve_2011_1767+1768.patch
+
 	# Not report deprecated syscall 1.23 (for kudzu)
 	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-2.6.25.18-not_report_sysctl_1.23.patch
 
diff --git a/src/patches/linux-2.6.32.43-cve_2011_1767+1768.patch b/src/patches/linux-2.6.32.43-cve_2011_1767+1768.patch
new file mode 100644
index 0000000000..076cce6f81
--- /dev/null
+++ b/src/patches/linux-2.6.32.43-cve_2011_1767+1768.patch
@@ -0,0 +1,137 @@
+diff -Naur linux-2.6.32.43.org/net/ipv4/ip_gre.c linux-2.6.32.43/net/ipv4/ip_gre.c
+--- linux-2.6.32.43.org/net/ipv4/ip_gre.c	2011-07-13 05:29:43.000000000 +0200
++++ linux-2.6.32.43/net/ipv4/ip_gre.c	2011-06-20 19:27:06.000000000 +0200
+@@ -1665,14 +1665,16 @@
+ 
+ 	printk(KERN_INFO "GRE over IPv4 tunneling driver\n");
+ 
+-	if (inet_add_protocol(&ipgre_protocol, IPPROTO_GRE) < 0) {
+-		printk(KERN_INFO "ipgre init: can't add protocol\n");
+-		return -EAGAIN;
+-	}
+-
+ 	err = register_pernet_gen_device(&ipgre_net_id, &ipgre_net_ops);
+ 	if (err < 0)
++		goto out;
++
++	err = inet_add_protocol(&ipgre_protocol, IPPROTO_GRE);
++	if (err < 0) {
++		printk(KERN_INFO "ipgre init: can't add protocol\n");
++		err = -EAGAIN;
+ 		goto gen_device_failed;
++	}
+ 
+ 	err = rtnl_link_register(&ipgre_link_ops);
+ 	if (err < 0)
+@@ -1688,9 +1690,9 @@
+ tap_ops_failed:
+ 	rtnl_link_unregister(&ipgre_link_ops);
+ rtnl_link_failed:
+-	unregister_pernet_gen_device(ipgre_net_id, &ipgre_net_ops);
+-gen_device_failed:
+ 	inet_del_protocol(&ipgre_protocol, IPPROTO_GRE);
++gen_device_failed:
++	unregister_pernet_gen_device(ipgre_net_id, &ipgre_net_ops);
+ 	goto out;
+ }
+ 
+@@ -1698,9 +1700,10 @@
+ {
+ 	rtnl_link_unregister(&ipgre_tap_ops);
+ 	rtnl_link_unregister(&ipgre_link_ops);
+-	unregister_pernet_gen_device(ipgre_net_id, &ipgre_net_ops);
+ 	if (inet_del_protocol(&ipgre_protocol, IPPROTO_GRE) < 0)
+ 		printk(KERN_INFO "ipgre close: can't remove protocol\n");
++	
++	unregister_pernet_gen_device(ipgre_net_id, &ipgre_net_ops);
+ }
+ 
+ module_init(ipgre_init);
+diff -Naur linux-2.6.32.43.org/net/ipv4/ipip.c linux-2.6.32.43/net/ipv4/ipip.c
+--- linux-2.6.32.43.org/net/ipv4/ipip.c	2011-07-13 05:29:43.000000000 +0200
++++ linux-2.6.32.43/net/ipv4/ipip.c	2011-06-20 19:27:06.000000000 +0200
+@@ -830,15 +830,14 @@
+ 
+ 	printk(banner);
+ 
+-	if (xfrm4_tunnel_register(&ipip_handler, AF_INET)) {
++	err = register_pernet_gen_device(&ipip_net_id, &ipip_net_ops);
++	if (err < 0)
++		return err;
++	err = xfrm4_tunnel_register(&ipip_handler, AF_INET);
++	if (err < 0) {
++		unregister_pernet_gen_device(ipip_net_id, &ipip_net_ops);
+ 		printk(KERN_INFO "ipip init: can't register tunnel\n");
+-		return -EAGAIN;
+ 	}
+-
+-	err = register_pernet_gen_device(&ipip_net_id, &ipip_net_ops);
+-	if (err)
+-		xfrm4_tunnel_deregister(&ipip_handler, AF_INET);
+-
+ 	return err;
+ }
+ 
+diff -Naur linux-2.6.32.43.org/net/ipv6/ip6_tunnel.c linux-2.6.32.43/net/ipv6/ip6_tunnel.c
+--- linux-2.6.32.43.org/net/ipv6/ip6_tunnel.c	2011-07-13 05:29:43.000000000 +0200
++++ linux-2.6.32.43/net/ipv6/ip6_tunnel.c	2011-06-20 19:27:06.000000000 +0200
+@@ -1466,10 +1465,14 @@
+ {
+ 	int  err;
+ 
++	err = register_pernet_gen_device(&ip6_tnl_net_id, &ip6_tnl_net_ops);
++	if (err < 0)
++		goto out;
++
+ 	if (xfrm6_tunnel_register(&ip4ip6_handler, AF_INET)) {
+ 		printk(KERN_ERR "ip6_tunnel init: can't register ip4ip6\n");
+ 		err = -EAGAIN;
+-		goto out;
++		goto unreg_pernet_dev;
+ 	}
+ 
+ 	if (xfrm6_tunnel_register(&ip6ip6_handler, AF_INET6)) {
+@@ -1478,14 +1481,12 @@
+ 		goto unreg_ip4ip6;
+ 	}
+ 
+-	err = register_pernet_gen_device(&ip6_tnl_net_id, &ip6_tnl_net_ops);
+-	if (err < 0)
+-		goto err_pernet;
+ 	return 0;
+-err_pernet:
+-	xfrm6_tunnel_deregister(&ip6ip6_handler, AF_INET6);
++
+ unreg_ip4ip6:
+ 	xfrm6_tunnel_deregister(&ip4ip6_handler, AF_INET);
++unreg_pernet_dev:
++	unregister_pernet_gen_device(ip6_tnl_net_id, &ip6_tnl_net_ops);
+ out:
+ 	return err;
+ }
+diff -Naur linux-2.6.32.43.org/net/ipv6/sit.c linux-2.6.32.43/net/ipv6/sit.c
+--- linux-2.6.32.43.org/net/ipv6/sit.c	2011-07-13 05:29:43.000000000 +0200
++++ linux-2.6.32.43/net/ipv6/sit.c	2011-06-20 19:27:06.000000000 +0200
+@@ -1086,15 +1086,17 @@
+ 
+ 	printk(KERN_INFO "IPv6 over IPv4 tunneling driver\n");
+ 
+-	if (xfrm4_tunnel_register(&sit_handler, AF_INET6) < 0) {
++	err = register_pernet_gen_device(&sit_net_id, &sit_net_ops);
++	if (err < 0)
++		return err;
++
++	err = xfrm4_tunnel_register(&sit_handler, AF_INET6);
++	if (err < 0) {
++		unregister_pernet_gen_device(sit_net_id, &sit_net_ops);
+ 		printk(KERN_INFO "sit init: Can't add protocol\n");
+ 		return -EAGAIN;
+ 	}
+ 
+-	err = register_pernet_gen_device(&sit_net_id, &sit_net_ops);
+-	if (err < 0)
+-		xfrm4_tunnel_deregister(&sit_handler, AF_INET6);
+-
+ 	return err;
+ }
+ 
-- 
2.39.2