wok-current rev 19376
linux: CVE-2016-5696
author | Pascal Bellard <pascal.bellard@slitaz.org> |
---|---|
date | Sat Aug 13 09:04:52 2016 +0200 (2016-08-13) |
parents | 5f47ce4a9a34 |
children | 707e4ea3a113 |
files | linux/receipt linux/stuff/linux-CVE-2016-5696.u |
line diff
1.1 --- a/linux/receipt Fri Aug 12 09:56:34 2016 +0200 1.2 +++ b/linux/receipt Sat Aug 13 09:04:52 2016 +0200 1.3 @@ -224,6 +224,7 @@ 1.4 $PACKAGE-subroot.u 1.5 $PACKAGE-romfs.u 1.6 $PACKAGE-hardlinks.u 1.7 +$PACKAGE-CVE-2016-5696.u 1.8 aufs3-base.patch 1.9 aufs3-standalone.patch 1.10 aufs3-loopback.patch
2.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 2.2 +++ b/linux/stuff/linux-CVE-2016-5696.u Sat Aug 13 09:04:52 2016 +0200 2.3 @@ -0,0 +1,33 @@ 2.4 +http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=75ff39ccc1bd5d3c455b6822ab09e533c551f758 2.5 +--- linux-3.2.71/net/ipv4/tcp_input.c 2.6 ++++ linux-3.2.71/net/ipv4/tcp_input.c 2.7 +@@ -87,7 +87,7 @@ 2.8 + EXPORT_SYMBOL(sysctl_tcp_adv_win_scale); 2.9 + 2.10 + /* rfc5961 challenge ack rate limiting */ 2.11 +-int sysctl_tcp_challenge_ack_limit = 100; 2.12 ++int sysctl_tcp_challenge_ack_limit = 1000; 2.13 + 2.14 + int sysctl_tcp_stdurg __read_mostly; 2.15 + int sysctl_tcp_rfc1337 __read_mostly; 2.16 +@@ -3715,13 +3715,17 @@ 2.17 + /* unprotected vars, we dont care of overwrites */ 2.18 + static u32 challenge_timestamp; 2.19 + static unsigned int challenge_count; 2.20 +- u32 now = jiffies / HZ; 2.21 ++ u32 count, now = jiffies / HZ; 2.22 + 2.23 + if (now != challenge_timestamp) { 2.24 ++ u32 half = (sysctl_tcp_challenge_ack_limit + 1) >> 1; 2.25 + challenge_timestamp = now; 2.26 +- challenge_count = 0; 2.27 ++ WRITE_ONCE(challenge_count, half + 2.28 ++ prandom_u32_max(sysctl_tcp_challenge_ack_limit)); 2.29 + } 2.30 +- if (++challenge_count <= sysctl_tcp_challenge_ack_limit) { 2.31 ++ count = READ_ONCE(challenge_count); 2.32 ++ if (count > 0) { 2.33 ++ WRITE_ONCE(challenge_count, count - 1); 2.34 + NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPCHALLENGEACK); 2.35 + tcp_send_ack(sk); 2.36 + }