lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <1408641747-22199-1-git-send-email-johannes@sipsolutions.net>
Date:	Thu, 21 Aug 2014 19:22:27 +0200
From:	Johannes Berg <johannes@...solutions.net>
To:	linux-wireless@...r.kernel.org, netdev@...r.kernel.org
Cc:	Johannes Berg <johannes.berg@...el.com>
Subject: [RFC] net: ipv4: drop unicast encapsulated in L2 multicast

From: Johannes Berg <johannes.berg@...el.com>

RFC 1122 says that unicast packets encapsulated in broadcast
link-layer packets should be dropped. Implement that, but also
extend it to link-layer multicast packets.

Signed-off-by: Johannes Berg <johannes.berg@...el.com>
---
 net/ipv4/route.c | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/net/ipv4/route.c b/net/ipv4/route.c
index eaa4b000c7b4..c374fcc73ee0 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -1710,6 +1710,23 @@ static int ip_route_input_slow(struct sk_buff *skb, __be32 daddr, __be32 saddr,
 		goto no_route;
 	}
 
+	/* RFC 1122 3.3.6:
+	 *
+	 *   When a host sends a datagram to a link-layer broadcast address,
+	 *   the IP destination address MUST be a legal IP broadcast or IP
+	 *   multicast address.
+	 *
+	 *   A host SHOULD silently discard a datagram that is received via
+	 *   a link-layer broadcast (see Section 2.4) but does not specify
+	 *   an IP multicast or broadcast destination address.
+	 *
+	 * We also do this for link-layer multicast.
+	 */
+	if ((skb->pkt_type == PACKET_BROADCAST ||
+	     skb->pkt_type == PACKET_MULTICAST) &&
+	    res.type != RTN_BROADCAST)
+		goto e_inval;
+
 	if (res.type == RTN_BROADCAST)
 		goto brd_input;
 
-- 
2.0.0

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ