aboutsummaryrefslogtreecommitdiffstats
path: root/main/linux-grsec/CVE-2013-4348.patch
diff options
context:
space:
mode:
Diffstat (limited to 'main/linux-grsec/CVE-2013-4348.patch')
-rw-r--r--main/linux-grsec/CVE-2013-4348.patch35
1 files changed, 0 insertions, 35 deletions
diff --git a/main/linux-grsec/CVE-2013-4348.patch b/main/linux-grsec/CVE-2013-4348.patch
deleted file mode 100644
index cce1592eb8..0000000000
--- a/main/linux-grsec/CVE-2013-4348.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 6f092343855a71e03b8d209815d8c45bf3a27fcd Mon Sep 17 00:00:00 2001
-From: Jason Wang <jasowang@redhat.com>
-Date: Fri, 01 Nov 2013 07:01:10 +0000
-Subject: net: flow_dissector: fail on evil iph->ihl
-
-We don't validate iph->ihl which may lead a dead loop if we meet a IPIP
-skb whose iph->ihl is zero. Fix this by failing immediately when iph->ihl
-is evil (less than 5).
-
-This issue were introduced by commit ec5efe7946280d1e84603389a1030ccec0a767ae
-(rps: support IPIP encapsulation).
-
-Cc: Eric Dumazet <edumazet@google.com>
-Cc: Petr Matousek <pmatouse@redhat.com>
-Cc: Michael S. Tsirkin <mst@redhat.com>
-Cc: Daniel Borkmann <dborkman@redhat.com>
-Signed-off-by: Jason Wang <jasowang@redhat.com>
-Acked-by: Eric Dumazet <edumazet@google.com>
-Signed-off-by: David S. Miller <davem@davemloft.net>
----
-diff --git a/net/core/flow_dissector.c b/net/core/flow_dissector.c
-index 8d7d0dd..143b6fd 100644
---- a/net/core/flow_dissector.c
-+++ b/net/core/flow_dissector.c
-@@ -40,7 +40,7 @@ again:
- struct iphdr _iph;
- ip:
- iph = skb_header_pointer(skb, nhoff, sizeof(_iph), &_iph);
-- if (!iph)
-+ if (!iph || iph->ihl < 5)
- return false;
-
- if (ip_is_fragment(iph))
---
-cgit v0.9.2
generated by cgit v1.2.3 (git 2.25.1) at 2025-02-02 07:48:31 +0000