kernel: add a patch for cve-2011-1767/1768.

2026-04-19 15:32:59 +02:00 · 2011-07-25 20:25:28 +02:00
parent 6a6a89a2c4
commit 18520692cd
2 changed files with 140 additions and 0 deletions
--- a/lfs/linux
+++ b/lfs/linux
@@ -125,6 +125,9 @@ else
 	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-2.6.32-imq-test2.patch
 endif

+	# Patch CVE 2011-1767 and 1768 dos hole
+	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-2.6.32.43-cve_2011_1767+1768.patch
+
 	# Not report deprecated syscall 1.23 (for kudzu)
 	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-2.6.25.18-not_report_sysctl_1.23.patch

--- a/src/patches/linux-2.6.32.43-cve_2011_1767+1768.patch
+++ b/src/patches/linux-2.6.32.43-cve_2011_1767+1768.patch
@@ -0,0 +1,137 @@
+diff -Naur linux-2.6.32.43.org/net/ipv4/ip_gre.c linux-2.6.32.43/net/ipv4/ip_gre.c
+--- linux-2.6.32.43.org/net/ipv4/ip_gre.c	2011-07-13 05:29:43.000000000 +0200
+++ linux-2.6.32.43/net/ipv4/ip_gre.c	2011-06-20 19:27:06.000000000 +0200
+@@ -1665,14 +1665,16 @@
+ 
+ 	printk(KERN_INFO "GRE over IPv4 tunneling driver\n");
+ 
+-	if (inet_add_protocol(&ipgre_protocol, IPPROTO_GRE) < 0) {
+-		printk(KERN_INFO "ipgre init: can't add protocol\n");
+-		return -EAGAIN;
+-	}
+-
+ 	err = register_pernet_gen_device(&ipgre_net_id, &ipgre_net_ops);
+ 	if (err < 0)
+		goto out;
+
+	err = inet_add_protocol(&ipgre_protocol, IPPROTO_GRE);
+	if (err < 0) {
+		printk(KERN_INFO "ipgre init: can't add protocol\n");
+		err = -EAGAIN;
+ 		goto gen_device_failed;
+	}
+ 
+ 	err = rtnl_link_register(&ipgre_link_ops);
+ 	if (err < 0)
+@@ -1688,9 +1690,9 @@
+ tap_ops_failed:
+ 	rtnl_link_unregister(&ipgre_link_ops);
+ rtnl_link_failed:
+-	unregister_pernet_gen_device(ipgre_net_id, &ipgre_net_ops);
+-gen_device_failed:
+ 	inet_del_protocol(&ipgre_protocol, IPPROTO_GRE);
+gen_device_failed:
+	unregister_pernet_gen_device(ipgre_net_id, &ipgre_net_ops);
+ 	goto out;
+ }
+ 
+@@ -1698,9 +1700,10 @@
+ {
+ 	rtnl_link_unregister(&ipgre_tap_ops);
+ 	rtnl_link_unregister(&ipgre_link_ops);
+-	unregister_pernet_gen_device(ipgre_net_id, &ipgre_net_ops);
+ 	if (inet_del_protocol(&ipgre_protocol, IPPROTO_GRE) < 0)
+ 		printk(KERN_INFO "ipgre close: can't remove protocol\n");
+	
+	unregister_pernet_gen_device(ipgre_net_id, &ipgre_net_ops);
+ }
+ 
+ module_init(ipgre_init);
+diff -Naur linux-2.6.32.43.org/net/ipv4/ipip.c linux-2.6.32.43/net/ipv4/ipip.c
+--- linux-2.6.32.43.org/net/ipv4/ipip.c	2011-07-13 05:29:43.000000000 +0200
+++ linux-2.6.32.43/net/ipv4/ipip.c	2011-06-20 19:27:06.000000000 +0200
+@@ -830,15 +830,14 @@
+ 
+ 	printk(banner);
+ 
+-	if (xfrm4_tunnel_register(&ipip_handler, AF_INET)) {
+	err = register_pernet_gen_device(&ipip_net_id, &ipip_net_ops);
+	if (err < 0)
+		return err;
+	err = xfrm4_tunnel_register(&ipip_handler, AF_INET);
+	if (err < 0) {
+		unregister_pernet_gen_device(ipip_net_id, &ipip_net_ops);
+ 		printk(KERN_INFO "ipip init: can't register tunnel\n");
+-		return -EAGAIN;
+ 	}
+-
+-	err = register_pernet_gen_device(&ipip_net_id, &ipip_net_ops);
+-	if (err)
+-		xfrm4_tunnel_deregister(&ipip_handler, AF_INET);
+-
+ 	return err;
+ }
+ 
+diff -Naur linux-2.6.32.43.org/net/ipv6/ip6_tunnel.c linux-2.6.32.43/net/ipv6/ip6_tunnel.c
+--- linux-2.6.32.43.org/net/ipv6/ip6_tunnel.c	2011-07-13 05:29:43.000000000 +0200
+++ linux-2.6.32.43/net/ipv6/ip6_tunnel.c	2011-06-20 19:27:06.000000000 +0200
+@@ -1466,10 +1465,14 @@
+ {
+ 	int  err;
+ 
+	err = register_pernet_gen_device(&ip6_tnl_net_id, &ip6_tnl_net_ops);
+	if (err < 0)
+		goto out;
+
+ 	if (xfrm6_tunnel_register(&ip4ip6_handler, AF_INET)) {
+ 		printk(KERN_ERR "ip6_tunnel init: can't register ip4ip6\n");
+ 		err = -EAGAIN;
+-		goto out;
+		goto unreg_pernet_dev;
+ 	}
+ 
+ 	if (xfrm6_tunnel_register(&ip6ip6_handler, AF_INET6)) {
+@@ -1478,14 +1481,12 @@
+ 		goto unreg_ip4ip6;
+ 	}
+ 
+-	err = register_pernet_gen_device(&ip6_tnl_net_id, &ip6_tnl_net_ops);
+-	if (err < 0)
+-		goto err_pernet;
+ 	return 0;
+-err_pernet:
+-	xfrm6_tunnel_deregister(&ip6ip6_handler, AF_INET6);
+
+ unreg_ip4ip6:
+ 	xfrm6_tunnel_deregister(&ip4ip6_handler, AF_INET);
+unreg_pernet_dev:
+	unregister_pernet_gen_device(ip6_tnl_net_id, &ip6_tnl_net_ops);
+ out:
+ 	return err;
+ }
+diff -Naur linux-2.6.32.43.org/net/ipv6/sit.c linux-2.6.32.43/net/ipv6/sit.c
+--- linux-2.6.32.43.org/net/ipv6/sit.c	2011-07-13 05:29:43.000000000 +0200
+++ linux-2.6.32.43/net/ipv6/sit.c	2011-06-20 19:27:06.000000000 +0200
+@@ -1086,15 +1086,17 @@
+ 
+ 	printk(KERN_INFO "IPv6 over IPv4 tunneling driver\n");
+ 
+-	if (xfrm4_tunnel_register(&sit_handler, AF_INET6) < 0) {
+	err = register_pernet_gen_device(&sit_net_id, &sit_net_ops);
+	if (err < 0)
+		return err;
+
+	err = xfrm4_tunnel_register(&sit_handler, AF_INET6);
+	if (err < 0) {
+		unregister_pernet_gen_device(sit_net_id, &sit_net_ops);
+ 		printk(KERN_INFO "sit init: Can't add protocol\n");
+ 		return -EAGAIN;
+ 	}
+ 
+-	err = register_pernet_gen_device(&sit_net_id, &sit_net_ops);
+-	if (err < 0)
+-		xfrm4_tunnel_deregister(&sit_handler, AF_INET6);
+-
+ 	return err;
+ }
+