Doing a little more research, I came across
this; Which talks about a potential local DoS from an "infected" CMSG. The patch supplied appears to, instead of looping CMSG's, get only one of them. I'm not really sure if this patch may be what broke your thing.
The patch is as follows (note the text at the top, particularly about multiple CMSG's):
Code:
This patch fixes hemlock by disallowing the condition that creates the poisoned
buffer in the first place. This is likely to break some esoteric ipv4 apps which
depend on having multiple CMSG entries, but as there are only two sendable CMSG for
IPv4, I really doubt it.
--- linux-2.6.32-358.11.1.el6.x86_64.orig/net/ipv4/ip_sockglue.c 2013-05-15 08:33:03.000000000 -0400
+++ linux-2.6.32-358.11.1.el6.x86_64/net/ipv4/ip_sockglue.c 2013-06-30 05:19:43.000000000 -0400
@@ -196,7 +196,8 @@
int err;
struct cmsghdr *cmsg;
- for (cmsg = CMSG_FIRSTHDR(msg); cmsg; cmsg = CMSG_NXTHDR(msg, cmsg)) {
+ cmsg = CMSG_FIRSTHDR(msg);
+ {
if (!CMSG_OK(msg, cmsg))
return -EINVAL;
if (cmsg->cmsg_level != SOL_IP)
Again, this is just a shot in the dark, hope it's helpful.
See
CVE-2013-2224 for more details on the noted exploit.