ipv6: make fragment identifications less predictable, CVE-2011-2699

[linux-flexiantxendom0-natty.git] / net / ipv6 / udp.c

diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c
index 119edb6..b6de206 100644 (file)
--- a/net/ipv6/udp.c
+++ b/net/ipv6/udp.c
@@ -1360,7 +1360,7 @@ static struct sk_buff *udp6_ufo_fragment(struct sk_buff *skb, int features)
        fptr = (struct frag_hdr *)(skb_network_header(skb) + unfrag_ip6hlen);
        fptr->nexthdr = nexthdr;
        fptr->reserved = 0;
-       ipv6_select_ident(fptr);
+       ipv6_select_ident(fptr, (struct rt6_info *)skb_dst(skb));
 
        /* Fragment the skb. ipv6 header and the remaining fields of the
         * fragment header are updated in ipv6_gso_segment()