Bug#440127: CVE-2007-2242 fix breaks ipv6 rfc conformance

To: submit@bugs.debian.org
Subject: Bug#440127: CVE-2007-2242 fix breaks ipv6 rfc conformance
From: dann frazier <dannf@debian.org>
Date: Wed, 29 Aug 2007 18:44:33 -0600
Message-id: <20070830004432.GB18660@ldl.fc.hp.com>
Reply-to: dann frazier <dannf@debian.org>, 440127@bugs.debian.org

Package: linux-2.6
Version: 2.6.18.dfsg.1-13
Severity: important

Brian Haley reported that our backported fix for CVE-2007-2242 breaks
ipv6 rfc conformance. He sent me the attached patch to fix it.

-- 
dann frazier

diff --git a/net/ipv6/exthdrs.c b/net/ipv6/exthdrs.c
index 95a9eb5..6e9822d 100644
--- a/net/ipv6/exthdrs.c
+++ b/net/ipv6/exthdrs.c
@@ -249,12 +249,6 @@ static int ipv6_rthdr_rcv(struct sk_buff **skbp)
 
 	hdr = (struct ipv6_rt_hdr *) skb->h.raw;
 
-	if (hdr->type != IPV6_SRCRT_TYPE_0) {
-		IP6_INC_STATS_BH(IPSTATS_MIB_INHDRERRORS);
-		icmpv6_param_prob(skb, ICMPV6_HDR_FIELD, (&hdr->type) - skb->nh.raw);
-		return -1;
-	}
-
 	if (ipv6_addr_is_multicast(&skb->nh.ipv6h->daddr) ||
 	    skb->pkt_type != PACKET_HOST) {
 		IP6_INC_STATS_BH(IPSTATS_MIB_INADDRERRORS);
@@ -273,6 +267,12 @@ looped_back:
 		return 1;
 	}
 
+	if (hdr->type != IPV6_SRCRT_TYPE_0) {
+		IP6_INC_STATS_BH(IPSTATS_MIB_INHDRERRORS);
+		icmpv6_param_prob(skb, ICMPV6_HDR_FIELD, (&hdr->type) - skb->nh.raw);
+		return -1;
+	}
+
 	if (hdr->hdrlen & 0x01) {
 		IP6_INC_STATS_BH(IPSTATS_MIB_INHDRERRORS);
 		icmpv6_param_prob(skb, ICMPV6_HDR_FIELD, (&hdr->hdrlen) - skb->nh.raw);

Reply to:

Prev by Date: Processed: severity of 440042 is important, found 440042 in 2.6.21+8
Next by Date: Bug#440136: linux-kbuild-2.6.23 not available for experimental kernel 2.6.23
Previous by thread: Processed: severity of 440042 is important, found 440042 in 2.6.21+8
Next by thread: Bug#440136: linux-kbuild-2.6.23 not available for experimental kernel 2.6.23
Index(es):
- Date
- Thread