| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4CBEE45D.2080201@linux-ipv6.org>
Date: Wed, 20 Oct 2010 21:45:17 +0900
From: YOSHIFUJI Hideaki <yoshfuji@...ux-ipv6.org>
To: KOVACS Krisztian <hidden@...abit.hu>
CC: netdev@...r.kernel.org, netfilter-devel@...r.kernel.org,
Patrick McHardy <kaber@...sh.net>,
David Miller <davem@...emloft.net>
Subject: Re: [PATCH 5/9] tproxy: allow non-local binds of IPv6 sockets if
IP_TRANSPARENT is enabled
Hello.
(2010/10/20 20:21), KOVACS Krisztian wrote:
> From: Balazs Scheidler<bazsi@...abit.hu>
>
> Signed-off-by: Balazs Scheidler<bazsi@...abit.hu>
> Signed-off-by: KOVACS Krisztian<hidden@...abit.hu>
> ---
> net/ipv6/af_inet6.c | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c
> index 6022098..9480572 100644
> --- a/net/ipv6/af_inet6.c
> +++ b/net/ipv6/af_inet6.c
> @@ -343,7 +343,7 @@ int inet6_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
> */
> v4addr = LOOPBACK4_IPV6;
> if (!(addr_type& IPV6_ADDR_MULTICAST)) {
> - if (!ipv6_chk_addr(net,&addr->sin6_addr,
> + if (!inet->transparent&& !ipv6_chk_addr(net,&addr->sin6_addr,
> dev, 0)) {
> err = -EADDRNOTAVAIL;
> goto out_unlock;
>
>
As I wrote before in other thread, this does not seem sufficient --
well, it is sufficient to allow non-local bind, but before we're
allowing this, we need add checks of source address in sending side.
Regards,
--yoshfuji
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists