diff --git a/debian/patches/bugfix/all/ipv6-remove-max_addresses-check-from-ipv6_create_tem.patch b/debian/patches/bugfix/all/ipv6-remove-max_addresses-check-from-ipv6_create_tem.patch
deleted file mode 100644
index 1babd5c9f..000000000
--- a/debian/patches/bugfix/all/ipv6-remove-max_addresses-check-from-ipv6_create_tem.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-From: Hannes Frederic Sowa
-Date: Fri, 16 Aug 2013 13:02:27 +0200
-Subject: ipv6: remove max_addresses check from ipv6_create_tempaddr
-Origin: https://git.kernel.org/linus/4b08a8f1bd8cb4541c93ec170027b4d0782dab52
-
-Because of the max_addresses check attackers were able to disable privacy
-extensions on an interface by creating enough autoconfigured addresses:
-
-
-
-But the check is not actually needed: max_addresses protects the
-kernel to install too many ipv6 addresses on an interface and guards
-addrconf_prefix_rcv to install further addresses as soon as this limit
-is reached. We only generate temporary addresses in direct response of
-a new address showing up. As soon as we filled up the maximum number of
-addresses of an interface, we stop installing more addresses and thus
-also stop generating more temp addresses.
-
-Even if the attacker tries to generate a lot of temporary addresses
-by announcing a prefix and removing it again (lifetime == 0) we won't
-install more temp addresses, because the temporary addresses do count
-to the maximum number of addresses, thus we would stop installing new
-autoconfigured addresses when the limit is reached.
-
-This patch fixes CVE-2013-0343 (but other layer-2 attacks are still
-possible).
-
-Thanks to Ding Tianhong to bring this topic up again.
-
-Cc: Ding Tianhong
-Cc: George Kargiotakis
-Cc: P J P
-Cc: YOSHIFUJI Hideaki
-Signed-off-by: Hannes Frederic Sowa
-Acked-by: Ding Tianhong
-Signed-off-by: David S. Miller
-[bwh: Backported to 3.10: adjust ipv6_add_addr() parameter list]
----
- net/ipv6/addrconf.c | 10 ++++------
- 1 file changed, 4 insertions(+), 6 deletions(-)
-
---- a/net/ipv6/addrconf.c
-+++ b/net/ipv6/addrconf.c
-@@ -1124,12 +1124,10 @@ retry:
- if (ifp->flags & IFA_F_OPTIMISTIC)
- addr_flags |= IFA_F_OPTIMISTIC;
-
-- ift = !max_addresses ||
-- ipv6_count_addresses(idev) < max_addresses ?
-- ipv6_add_addr(idev, &addr, tmp_plen,
-- ipv6_addr_type(&addr)&IPV6_ADDR_SCOPE_MASK,
-- addr_flags) : NULL;
-- if (IS_ERR_OR_NULL(ift)) {
-+ ift = ipv6_add_addr(idev, &addr, tmp_plen,
-+ ipv6_addr_type(&addr)&IPV6_ADDR_SCOPE_MASK,
-+ addr_flags);
-+ if (IS_ERR(ift)) {
- in6_ifa_put(ifp);
- in6_dev_put(idev);
- pr_info("%s: retry temporary address regeneration\n", __func__);
diff --git a/debian/patches/series b/debian/patches/series
index 4f8d1a005..04cd32c29 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -83,7 +83,6 @@ bugfix/all/irq-Always-define-devm_-request_threaded-free-_irq.patch
 bugfix/m68k/atari-irqs.patch
 bugfix/x86/amd64_edac-Fix-single-channel-setups.patch
-bugfix/all/ipv6-remove-max_addresses-check-from-ipv6_create_tem.patch
 bugfix/all/HID-validate-HID-report-id-size.patch
 bugfix/all/HID-pantherlord-validate-output-report-details.patch
 bugfix/all/HID-ntrig-validate-feature-report-details.patch