mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2025-09-20 04:34:47 -04:00
Switch to new CVE patchset
parent
57ce42402b
commit
11c7037780
1215 changed files with 60697 additions and 14533 deletions
|
@ -1,50 +0,0 @@
|
|||
From 223b02d923ecd7c84cf9780bb3686f455d279279 Mon Sep 17 00:00:00 2001
|
||||
From: Andrey Vagin <avagin@openvz.org>
|
||||
Date: Fri, 28 Mar 2014 13:54:32 +0400
|
||||
Subject: [PATCH] netfilter: nf_conntrack: reserve two bytes for nf_ct_ext->len
|
||||
|
||||
"len" contains sizeof(nf_ct_ext) and size of extensions. In a worst
|
||||
case it can contain all extensions. Bellow you can find sizes for all
|
||||
types of extensions. Their sum is definitely bigger than 256.
|
||||
|
||||
nf_ct_ext_types[0]->len = 24
|
||||
nf_ct_ext_types[1]->len = 32
|
||||
nf_ct_ext_types[2]->len = 24
|
||||
nf_ct_ext_types[3]->len = 32
|
||||
nf_ct_ext_types[4]->len = 152
|
||||
nf_ct_ext_types[5]->len = 2
|
||||
nf_ct_ext_types[6]->len = 16
|
||||
nf_ct_ext_types[7]->len = 8
|
||||
|
||||
I have seen "len" up to 280 and my host has crashes w/o this patch.
|
||||
|
||||
The right way to fix this problem is reducing the size of the ecache
|
||||
extension (4) and Florian is going to do this, but these changes will
|
||||
be quite large to be appropriate for a stable tree.
|
||||
|
||||
Fixes: 5b423f6a40a0 (netfilter: nf_conntrack: fix racy timer handling with reliable)
|
||||
Cc: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
Cc: Patrick McHardy <kaber@trash.net>
|
||||
Cc: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
|
||||
Cc: "David S. Miller" <davem@davemloft.net>
|
||||
Signed-off-by: Andrey Vagin <avagin@openvz.org>
|
||||
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
---
|
||||
include/net/netfilter/nf_conntrack_extend.h | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/include/net/netfilter/nf_conntrack_extend.h b/include/net/netfilter/nf_conntrack_extend.h
|
||||
index 956b175523ffa..55d15049ab2fd 100644
|
||||
--- a/include/net/netfilter/nf_conntrack_extend.h
|
||||
+++ b/include/net/netfilter/nf_conntrack_extend.h
|
||||
@@ -47,8 +47,8 @@ enum nf_ct_ext_id {
|
||||
/* Extensions: optional stuff which isn't permanently in struct. */
|
||||
struct nf_ct_ext {
|
||||
struct rcu_head rcu;
|
||||
- u8 offset[NF_CT_EXT_NUM];
|
||||
- u8 len;
|
||||
+ u16 offset[NF_CT_EXT_NUM];
|
||||
+ u16 len;
|
||||
char data[0];
|
||||
};
|
||||
|