[Precise/lts-backport-quantal 1/1] ipv6: don't set DST_NOCOUNT for remotely added routes
Luis Henriques
luis.henriques at canonical.com
Tue Apr 29 13:31:34 UTC 2014
From: Sabrina Dubroca <sd at queasysnail.net>
DST_NOCOUNT should only be used if an authorized user adds routes
locally. In case of routes which are added on behalf of router
advertisements this flag must not get used as it allows an unlimited
number of routes getting added remotely.
Signed-off-by: Sabrina Dubroca <sd at queasysnail.net>
Acked-by: Hannes Frederic Sowa <hannes at stressinduktion.org>
Signed-off-by: David S. Miller <davem at davemloft.net>
(back ported from commit c88507fbad8055297c1d1e21e599f46960cbee39)
CVE-2014-2309
BugLink: http://bugs.launchpad.net/bugs/1293726
Signed-off-by: Luis Henriques <luis.henriques at canonical.com>
---
net/ipv6/route.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index 5b8eac8..1f26038 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -1302,7 +1302,7 @@ int ip6_route_add(struct fib6_config *cfg)
if (!table)
goto out;
- rt = ip6_dst_alloc(&net->ipv6.ip6_dst_ops, NULL, DST_NOCOUNT);
+ rt = ip6_dst_alloc(&net->ipv6.ip6_dst_ops, NULL, (cfg->fc_flags & RTF_ADDRCONF) ? 0 : DST_NOCOUNT);
if (!rt) {
err = -ENOMEM;
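Review bot: the replacement ip6_dst_alloc() call in ip6_route_add() packs the whole flag selection into one line that runs well past 80 columns, and the code itself does not say why RTF_ADDRCONF routes must be counted. Consider computing the flag on its own line, or wrapping the argument list, with a short comment that routes added on behalf of router advertisements have to stay subject to dst accounting. The fix also only holds if every router-advertisement path that reaches this function sets RTF_ADDRCONF in cfg->fc_flags; those callers are not visible in this hunk, and since this is marked as a back port rather than a clean cherry-pick, it is worth confirming them against the target tree.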
--
1.9.1