1 files changed, 0 insertions, 35 deletions

diff --git a/main/linux-virt-grsec/CVE-2013-4348.patch b/main/linux-virt-grsec/CVE-2013-4348.patch
deleted file mode 100644
index cce1592eb..000000000
--- a/main/linux-virt-grsec/CVE-2013-4348.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 6f092343855a71e03b8d209815d8c45bf3a27fcd Mon Sep 17 00:00:00 2001
-From: Jason Wang <jasowang@redhat.com>
-Date: Fri, 01 Nov 2013 07:01:10 +0000
-Subject: net: flow_dissector: fail on evil iph->ihl
-
-We don't validate iph->ihl which may lead a dead loop if we meet a IPIP
-skb whose iph->ihl is zero. Fix this by failing immediately when iph->ihl
-is evil (less than 5).
-
-This issue were introduced by commit ec5efe7946280d1e84603389a1030ccec0a767ae
-(rps: support IPIP encapsulation).
-
-Cc: Eric Dumazet <edumazet@google.com>
-Cc: Petr Matousek <pmatouse@redhat.com>
-Cc: Michael S. Tsirkin <mst@redhat.com>
-Cc: Daniel Borkmann <dborkman@redhat.com>
-Signed-off-by: Jason Wang <jasowang@redhat.com>
-Acked-by: Eric Dumazet <edumazet@google.com>
-Signed-off-by: David S. Miller <davem@davemloft.net>
----
-diff --git a/net/core/flow_dissector.c b/net/core/flow_dissector.c
-index 8d7d0dd..143b6fd 100644
---- a/net/core/flow_dissector.c
-+++ b/net/core/flow_dissector.c
-@@ -40,7 +40,7 @@ again:
- 		struct iphdr _iph;
- ip:
- 		iph = skb_header_pointer(skb, nhoff, sizeof(_iph), &_iph);
--		if (!iph)
-+		if (!iph || iph->ihl < 5)
- 			return false;
- 
- 		if (ip_is_fragment(iph))
---
-cgit v0.9.2