lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 7 Nov 2011 13:41:45 -0200 From: Flavio Leitner <fbl@...hat.com> To: netdev <netdev@...r.kernel.org> Cc: David Miller <davem@...emloft.net>, Flavio Leitner <fbl@...hat.com> Subject: [PATCH] route: fix ICMP secure_redirects It should accept ICMP redirects from any host and not just from gateways when secure_redirects is disabled. Signed-off-by: Flavio Leitner <fbl@...hat.com> --- net/ipv4/route.c | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) diff --git a/net/ipv4/route.c b/net/ipv4/route.c index 155138d..dd6937ec 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c @@ -1347,7 +1347,8 @@ void ip_rt_redirect(__be32 old_gw, __be32 daddr, __be32 new_gw, continue; if (rt->dst.error || rt->dst.dev != dev || - rt->rt_gateway != old_gw) { + (IN_DEV_SEC_REDIRECTS(in_dev) && + rt->rt_gateway != old_gw)) { ip_rt_put(rt); continue; } -- 1.7.6 -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists