| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 26 Apr 2017 10:15:48 +0300
From: Donatas Abraitis <donatas.abraitis@...il.com>
To: davem@...emloft.net
Cc: netdev@...r.kernel.org, stable@...r.kernel.org,
donatas.abraitis@...il.com
Subject: [PATCH net-next v1] net: ipv6: make sure multicast packets are not forwarded beyond the different scopes
RFC4291 2.7 Routers must not forward any multicast packets
beyond of the scope indicated by the scop field in the
destination multicast address.
Signed-off-by: Donatas Abraitis <donatas.abraitis@...il.com>
---
net/ipv6/ip6_input.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/net/ipv6/ip6_input.c b/net/ipv6/ip6_input.c
index 9ee208a..a834797 100644
--- a/net/ipv6/ip6_input.c
+++ b/net/ipv6/ip6_input.c
@@ -165,6 +165,14 @@ int ipv6_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt
IPV6_ADDR_MC_SCOPE(&hdr->daddr) == 0)
goto err;
+ /* RFC4291 2.7
+ * Routers must not forward any multicast packets beyond of the scope
+ * indicated by the scop field in the destination multicast address.
+ */
+ if (ipv6_addr_is_multicast(&hdr->daddr) &&
+ IPV6_ADDR_MC_SCOPE(&hdr->daddr) != IPV6_ADDR_MC_SCOPE(&hdr->saddr)
+ goto err;
+
/*
* RFC4291 2.7
* Multicast addresses must not be used as source addresses in IPv6
--
2.10.0
Powered by blists - more mailing lists