| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20080618132312.GA25004@pingi.kke.suse.de>
Date: Wed, 18 Jun 2008 15:23:12 +0200
From: Karsten Keil <kkeil@...e.de>
To: netdev@...r.kernel.org
Cc: Sergey Mironov <Mironov_Sergey@....com>,
Andrew Morton <akpm@...ux-foundation.org>,
Linus Torvalds <torvalds@...ux-foundation.org>
Subject: [PATCH] [IPv6] Do not use loopback as source address on other interfaces
RFC 4291 forbit the use of the loopback address as source outside a node
(paragraph 2.5.3).
The latest TAHI test release 4.0.1 does have a check for this (ICMPv6 test
v6LC.5.1.2 Part F), so it fails currently on Linux.
Signed-off-by: Sergey Mironov <Mironov_Sergey@....com>
Signed-off-by: Karsten Keil <kkeil@...e.de>
---
net/ipv6/icmp.c | 5 ++++-
1 files changed, 4 insertions(+), 1 deletions(-)
diff --git a/net/ipv6/icmp.c b/net/ipv6/icmp.c
index d42dd16..a571437 100644
--- a/net/ipv6/icmp.c
+++ b/net/ipv6/icmp.c
@@ -698,7 +698,10 @@ static int icmpv6_rcv(struct sk_buff *skb)
switch (type) {
case ICMPV6_ECHO_REQUEST:
- icmpv6_echo_reply(skb);
+ /* check that the query is not for loopback address (PSE SPB) */
+ if (!(ipv6_addr_type(daddr) & IPV6_ADDR_LOOPBACK) ||
+ (dev->flags & IFF_LOOPBACK))
+ icmpv6_echo_reply(skb);
break;
case ICMPV6_ECHO_REPLY:
--
Karsten Keil
SuSE Labs
ISDN and VOIP development
SUSE LINUX Products GmbH, Maxfeldstr.5 90409 Nuernberg, GF: Markus Rex, HRB 16746 (AG Nuernberg)
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists