lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <4CBEE45D.2080201@linux-ipv6.org> Date: Wed, 20 Oct 2010 21:45:17 +0900 From: YOSHIFUJI Hideaki <yoshfuji@...ux-ipv6.org> To: KOVACS Krisztian <hidden@...abit.hu> CC: netdev@...r.kernel.org, netfilter-devel@...r.kernel.org, Patrick McHardy <kaber@...sh.net>, David Miller <davem@...emloft.net> Subject: Re: [PATCH 5/9] tproxy: allow non-local binds of IPv6 sockets if IP_TRANSPARENT is enabled Hello. (2010/10/20 20:21), KOVACS Krisztian wrote: > From: Balazs Scheidler<bazsi@...abit.hu> > > Signed-off-by: Balazs Scheidler<bazsi@...abit.hu> > Signed-off-by: KOVACS Krisztian<hidden@...abit.hu> > --- > net/ipv6/af_inet6.c | 2 +- > 1 files changed, 1 insertions(+), 1 deletions(-) > > diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c > index 6022098..9480572 100644 > --- a/net/ipv6/af_inet6.c > +++ b/net/ipv6/af_inet6.c > @@ -343,7 +343,7 @@ int inet6_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len) > */ > v4addr = LOOPBACK4_IPV6; > if (!(addr_type& IPV6_ADDR_MULTICAST)) { > - if (!ipv6_chk_addr(net,&addr->sin6_addr, > + if (!inet->transparent&& !ipv6_chk_addr(net,&addr->sin6_addr, > dev, 0)) { > err = -EADDRNOTAVAIL; > goto out_unlock; > > As I wrote before in other thread, this does not seem sufficient -- well, it is sufficient to allow non-local bind, but before we're allowing this, we need add checks of source address in sending side. Regards, --yoshfuji -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists