authorNicolai Stange <nstange@suse.de>2018-09-07 06:22:48 +0200
committerMiroslav Benes <mbenes@suse.cz>2018-09-07 15:08:03 +0200
commit981dd534eae044363165b688c7ef82ec9a17d518 (patch)
tree9ac0187bf65d9619e731243cf379e5d0870f9c81
parentbd113d8b6ae8a9d5bb463256923026051ee2697a (diff)
Fix for CVE-2018-10938 ("infinite loop in net/ipv4/cipso_ipv4.c:cipso_v4_optptr() allows for DoS")
Live patch for CVE-2018-10938. Upstream commit 40413955ee26 ("Cipso: cipso_v4_optptr enter infinite loop"). KLP: CVE-2018-10938 References: bsc#1106191 CVE-2018-10938 Signed-off-by: Nicolai Stange <nstange@suse.de> Signed-off-by: Miroslav Benes <mbenes@suse.cz>
-rw-r--r--bsc1106191/livepatch_bsc1106191.c73
-rw-r--r--bsc1106191/livepatch_bsc1106191.h13
-rw-r--r--bsc1106191/patched_funcs.csv1
3 files changed, 87 insertions, 0 deletions
diff --git a/bsc1106191/livepatch_bsc1106191.c b/bsc1106191/livepatch_bsc1106191.c
new file mode 100644
index 0000000..63d334b
--- /dev/null
+++ b/bsc1106191/livepatch_bsc1106191.c
@@ -0,0 +1,73 @@
+/*
+ * livepatch_bsc1106191
+ *
+ * Fix for CVE-2018-10938, bsc#1106191
+ *
+ * Upstream commit:
+ * 40413955ee26 ("Cipso: cipso_v4_optptr enter infinite loop")
+ *
+ * SLE12(-SP1) commit:
+ * not affected
+ *
+ * SLE12-SP2 and -SP3 commit:
+ * dfcceea9d5f7cb02078e0e0176279d50a061eb35
+ *
+ * SLE15 commit:
+ * 4af59ddef75512b3e8bcaa0cb3bc06b56001cb50
+ *
+ *
+ * Copyright (c) 2018 SUSE
+ * Author: Nicolai Stange <nstange@suse.de>
+ *
+ * Based on the original Linux kernel code. Other copyrights apply.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <linux/kernel.h>
+#include <linux/module.h>
+#include <linux/skbuff.h>
+#include <linux/ip.h>
+#include "livepatch_bsc1106191.h"
+
+/* patched */
+unsigned char *klp_cipso_v4_optptr(const struct sk_buff *skb)
+{
+ const struct iphdr *iph = ip_hdr(skb);
+ unsigned char *optptr = (unsigned char *)&(ip_hdr(skb)[1]);
+ int optlen;
+ int taglen;
+
+ for (optlen = iph->ihl*4 - sizeof(struct iphdr); optlen > 0; ) {
+ /*
+ * Fix CVE-2018-10938
+ * -3 lines, +11 lines
+ */
+ switch (optptr[0]) {
+ case IPOPT_CIPSO:
+ return optptr;
+ case IPOPT_END:
+ return NULL;
+ case IPOPT_NOOP:
+ taglen = 1;
+ break;
+ default:
+ taglen = optptr[1];
+ }
+ optlen -= taglen;
+ optptr += taglen;
+ }
+
+ return NULL;
+}
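Review bot: In the `default:` arm of the switch in klp_cipso_v4_optptr, `taglen = optptr[1]` is taken straight from the packet, so a length byte of 0 leaves `optlen` and `optptr` unchanged and the loop never advances, which is the same hang this patch is meant to remove. When only one option byte remains (`optlen == 1`), the `optptr[1]` read also lands one byte past the option area. Unless every caller is guaranteed to pass an skb whose options were already validated (not visible in this hunk), I would loop while `optlen > 1` and add `if (!taglen || taglen > optlen) return NULL;` after the switch. The `IPOPT_CIPSO` return should move below that check, so the option handed back is known to fit in the header. The `default:` arm would also read better with an explicit `break;`.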
diff --git a/bsc1106191/livepatch_bsc1106191.h b/bsc1106191/livepatch_bsc1106191.h
new file mode 100644
index 0000000..238788f
--- /dev/null
+++ b/bsc1106191/livepatch_bsc1106191.h
@@ -0,0 +1,13 @@
+#ifndef _LIVEPATCH_BSC1106191_H
+#define _LIVEPATCH_BSC1106191_H
+
+static inline int livepatch_bsc1106191_init(void) { return 0; }
+
+static inline void livepatch_bsc1106191_cleanup(void) {}
+
+
+struct sk_buff;
+
+unsigned char *klp_cipso_v4_optptr(const struct sk_buff *skb);
+
+#endif /* _LIVEPATCH_BSC1106191_H */
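Review bot: The prototype for `klp_cipso_v4_optptr` carries no comment, so a reader of the header cannot tell what it replaces or what the result points at. I would add something like `/* Live-patch replacement for cipso_v4_optptr(); returns a pointer into the skb's IPv4 header options, or NULL if no CIPSO option is found. */` above it. The returned pointer aliases the skb's header data (it is derived from `ip_hdr(skb)` in the .c file), which callers should know when reasoning about its lifetime.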
diff --git a/bsc1106191/patched_funcs.csv b/bsc1106191/patched_funcs.csv
new file mode 100644
index 0000000..184977d
--- /dev/null
+++ b/bsc1106191/patched_funcs.csv
@@ -0,0 +1 @@
+vmlinux cipso_v4_optptr klp_cipso_v4_optptr