Date: Wed, 18 Jun 2008 15:23:12 +0200 From: Karsten Keil <kkeil@...e.de> To: netdev@...r.kernel.org Cc: Sergey Mironov <Mironov_Sergey@....com>, Andrew Morton <akpm@...ux-foundation.org>, Linus Torvalds <torvalds@...ux-foundation.org> Subject: [PATCH] [IPv6] Do not use loopback as source address on other interfaces RFC 4291 forbids the use of the loopback address as source outside a node (paragraph 2.5.3). The latest TAHI test release 4.0.1 does have a check for this (ICMPv6 test v6LC.5.1.2 Part F), so it fails currently on Linux. Signed-off-by: Sergey Mironov <Mironov_Sergey@....com> Signed-off-by: Karsten Keil <kkeil@...e.de> --- net/ipv6/icmp.c | 5 ++++- 1 files changed, 4 insertions(+), 1 deletions(-) diff --git a/net/ipv6/icmp.c b/net/ipv6/icmp.c index d42dd16..a571437 100644 --- a/net/ipv6/icmp.c +++ b/net/ipv6/icmp.c @@ -698,7 +698,10 @@ static int icmpv6_rcv(struct sk_buff *skb) switch (type) { case ICMPV6_ECHO_REQUEST: - icmpv6_echo_reply(skb); + /* check that the query is not for loopback address (PSE SPB) */ + if (!(ipv6_addr_type(daddr) & IPV6_ADDR_LOOPBACK) || + (dev->flags & IFF_LOOPBACK)) + icmpv6_echo_reply(skb); break; case ICMPV6_ECHO_REPLY: -- Karsten Keil SuSE Labs ISDN and VOIP development SUSE LINUX Products GmbH, Maxfeldstr.5 90409 Nuernberg, GF: Markus Rex, HRB 16746 (AG Nuernberg)
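Review bot: In the ICMPV6_ECHO_REQUEST case, the added comment does not explain why a test on daddr enforces a rule about source addresses, and the tag "(PSE SPB)" is not explained anywhere in the patch or its description. The subject line and the RFC 4291 reference are about the loopback address appearing as a source outside the node, while the condition inspects the destination of the received request; if the link is that the echo reply would be sourced from the request's destination, the comment should say so, for example "do not answer an echo request addressed to the loopback address unless it arrived on a loopback device, since the reply would use that address as its source". It would also help for the changelog to state that such requests are now ignored without a reply, because that behaviour change is visible to anyone testing reachability and is not spelled out in the description.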