Apply a fix for FreeBSD-SA-15:09.ipv6. https://github.com/gentoo/gentoo-portage-rsync-mirror/pull/91 by nigoro.

(Portage version: 2.2.18/cvs/Linux x86_64, signed Manifest commit with key EFB4464E!)

1 files changed, 23 insertions, 0 deletions

diff --git a/sys-freebsd/freebsd-sources/files/freebsd-sources-10.1-cve-2015-2923.patch b/sys-freebsd/freebsd-sources/files/freebsd-sources-10.1-cve-2015-2923.patch
new file mode 100644
index 000000000000..430e1b192ab1
--- /dev/null
+++ b/sys-freebsd/freebsd-sources/files/freebsd-sources-10.1-cve-2015-2923.patch
@@ -0,0 +1,23 @@
+Index: sys/netinet6/nd6_rtr.c
+===================================================================
+--- sys/netinet6/nd6_rtr.c	(revision 280920)
++++ sys/netinet6/nd6_rtr.c	(working copy)
+@@ -296,8 +296,16 @@ nd6_ra_input(struct mbuf *m, int off, int icmp6len
+ 	}
+ 	if (nd_ra->nd_ra_retransmit)
+ 		ndi->retrans = ntohl(nd_ra->nd_ra_retransmit);
+-	if (nd_ra->nd_ra_curhoplimit)
+-		ndi->chlim = nd_ra->nd_ra_curhoplimit;
++	if (nd_ra->nd_ra_curhoplimit) {
++		if (ndi->chlim < nd_ra->nd_ra_curhoplimit)
++			ndi->chlim = nd_ra->nd_ra_curhoplimit;
++		else if (ndi->chlim != nd_ra->nd_ra_curhoplimit) {
++			log(LOG_ERR, "RA with a lower CurHopLimit sent from "
++			    "%s on %s (current = %d, received = %d). "
++			    "Ignored.\n", ip6_sprintf(ip6bufs, &ip6->ip6_src),
++			    if_name(ifp), ndi->chlim, nd_ra->nd_ra_curhoplimit);
++		}
++	}
+ 	dr = defrtrlist_update(&dr0);
+     }
+