From: Eric Dumazet <edumazet@google.com>
Date: Wed, 17 May 2017 14:16:40 +0000 (-0700)
Subject: sctp: do not inherit ipv6_{mc|ac|fl}_list from parent
X-Git-Tag: v4.1.12-110.0.20170822_0730~15
X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=9b948ab39f9cd9ce544806fdfb7873223f1d5cc7;p=users%2Fjedix%2Flinux-maple.git

sctp: do not inherit ipv6_{mc|ac|fl}_list from parent

SCTP needs fixes similar to 83eaddab4378 ("ipv6/dccp: do not inherit
ipv6_mc_list from parent"), otherwise bad things can happen.

Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Andrey Konovalov <andreyknvl@google.com>
Tested-by: Andrey Konovalov <andreyknvl@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit fdcee2cbb8438702ea1b328fb6e0ac5e9a40c7f8)

Orabug: 26107745
CVE: CVE-2017-9075

Signed-off-by: Kirtikar Kashyap <kirtikar.kashyap@oracle.com>
Reviewed-by: Jack Vogel <jack.vogel@oracle.com>
---

diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c
index 38a8b833473e4..6df51623f6ded 100644
--- a/net/sctp/ipv6.c
+++ b/net/sctp/ipv6.c
@@ -655,6 +655,9 @@ static struct sock *sctp_v6_create_accept_sk(struct sock *sk,
 	newnp = inet6_sk(newsk);
 
 	memcpy(newnp, np, sizeof(struct ipv6_pinfo));
+	newnp->ipv6_mc_list = NULL;
+	newnp->ipv6_ac_list = NULL;
+	newnp->ipv6_fl_list = NULL;
 
 	rcu_read_lock();
 	opt = rcu_dereference(np->opt);