Applied: [PATCH 0/1] [HARDY] [CVE-2012-2744] netfilter: nf_conntrack_reasm: properly handle packets fragmented into a single fragment

Brad Figg brad.figg at canonical.com
Wed Jul 11 21:30:18 UTC 2012


On 07/11/2012 01:38 PM, Brad Figg wrote:
> CVE-2012-2744
> 
> BugLink: http://bugs.launchpad.net/bugs/1234567
> 
> When an ICMPV6_PKT_TOOBIG message is received with a MTU below 1280,
> all further packets include a fragment header.
> 
> Unlike regular defragmentation, conntrack also needs to "reassemble"
> those fragments in order to obtain a packet without the fragment
> header for connection tracking. Currently nf_conntrack_reasm checks
> whether a fragment has either IP6_MF set or an offset != 0, which
> makes it ignore those fragments.
> 
> Remove the invalid check and make reassembly handle fragment queues
> containing only a single fragment.
> 
> Patrick McHardy (1):
>   netfilter: nf_conntrack_reasm: properly handle packets fragmented
>     into a single fragment
> 
>  .../src/net/ipv6/netfilter/nf_conntrack_reasm.c    |    8 +-------
>  .../src/net/ipv6/netfilter/nf_conntrack_reasm.c    |    8 +-------
>  net/ipv6/netfilter/nf_conntrack_reasm.c            |    8 +-------
>  3 files changed, 3 insertions(+), 21 deletions(-)
> 


-- 
Brad Figg brad.figg at canonical.com http://www.canonical.com
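
The case described in the quoted cover letter, as an added example that is not part of the original message or of the kernel patch: a packet whose fragment header has offset 0 and the more-fragments flag clear is skipped by a check of the form "MF set or offset != 0", yet it forms a complete reassembly queue on its own. The names `parse_frag`, `old_check_reassembles`, `fragq_add`, the `fragq` model and the sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define FRAG_HDR_LEN 8       /* IPv6 fragment header size on the wire */
#define IP6_OFFSET   0xFFF8  /* upper 13 bits; masked value is the byte offset */
#define IP6_MF       0x0001  /* "more fragments" flag */

struct frag { uint16_t offset; int more; uint32_t id; };
/* Hypothetical model of a reassembly queue, not the kernel's structure. */
struct fragq { int first_in, last_in; uint32_t meat, len; };

/* Constructed sample headers: next header 6 (TCP), reserved, frag_off, id. */
const uint8_t ATOMIC[8]        = { 6, 0, 0x00, 0x00, 0x12, 0x34, 0x56, 0x78 };
const uint8_t FIRST_OF_MANY[8] = { 6, 0, 0x00, 0x01, 0x12, 0x34, 0x56, 0x79 };

/* Parse a fragment header; returns 0 on success, -1 if the buffer is short. */
int parse_frag(const uint8_t *b, size_t n, struct frag *f)
{
    if (n < FRAG_HDR_LEN)
        return -1;
    uint16_t frag_off = (uint16_t)((b[2] << 8) | b[3]);
    f->offset = frag_off & IP6_OFFSET;
    f->more = (frag_off & IP6_MF) != 0;
    f->id = ((uint32_t)b[4] << 24) | ((uint32_t)b[5] << 16) |
            ((uint32_t)b[6] << 8) | b[7];
    return 0;
}

/* The kind of check the cover letter calls invalid: only treat the packet
 * as a fragment when MF is set or the offset is non-zero. */
int old_check_reassembles(const struct frag *f)
{
    return f->more || f->offset != 0;
}

/* Add one fragment with payload_len bytes; returns 1 once the queue holds
 * the whole packet. Overlaps and duplicates are not modelled. */
int fragq_add(struct fragq *q, const struct frag *f, uint32_t payload_len)
{
    if (f->offset == 0)
        q->first_in = 1;
    if (!f->more) {
        q->last_in = 1;
        q->len = f->offset + payload_len;
    }
    q->meat += payload_len;
    return q->first_in && q->last_in && q->meat == q->len;
}
```
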