authorJun-ichiro itojun Hagino <itojun@cvs.openbsd.org>2006-12-19 06:33:50 +0000
committerJun-ichiro itojun Hagino <itojun@cvs.openbsd.org>2006-12-19 06:33:50 +0000
commitcbc47ec394974aec9822b43deac057c06a3cf749 (patch)
tree5848e563e3d3ed559bf22ccedebe5f668cdc3318
parent3b40c6de42d2ce69a5157cee71b56e9540f8182b (diff)
reject (potentially malicious) packets from outside,
with interface-local multicast addr in ip6_dst. by jinmei@kame
-rw-r--r--sys/netinet6/ip6_input.c16
1 files changed, 15 insertions, 1 deletions
diff --git a/sys/netinet6/ip6_input.c b/sys/netinet6/ip6_input.c
index da7d3d7b9b8..e1c4d14e813 100644
--- a/sys/netinet6/ip6_input.c
+++ b/sys/netinet6/ip6_input.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip6_input.c,v 1.72 2006/12/09 01:12:28 itojun Exp $ */
+/* $OpenBSD: ip6_input.c,v 1.73 2006/12/19 06:33:49 itojun Exp $ */
/* $KAME: ip6_input.c,v 1.188 2001/03/29 05:34:31 itojun Exp $ */
/*
@@ -260,6 +260,20 @@ ip6_input(m)
in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_addrerr);
goto bad;
}
+
+ if (IN6_IS_ADDR_MC_INTFACELOCAL(&ip6->ip6_dst) &&
+ !(m->m_flags & M_LOOP)) {
+ /*
+ * In this case, the packet should come from the loopback
+ * interface. However, we cannot just check the if_flags,
+ * because ip6_mloopback() passes the "actual" interface
+ * as the outgoing/incoming interface.
+ */
+ ip6stat.ip6s_badscope++;
+ in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_addrerr);
+ goto bad;
+ }
+
/*
* The following check is not documented in specs. A malicious
* party may be able to use IPv4 mapped addr to confuse tcp/udp stack
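Review bot: The comment inside the new `if` opens with "In this case" without naming the case, and it does not state the invariant the check depends on: `M_LOOP` has to be a flag that only the local loopback path sets, never something a receive path sets for traffic from the wire. I would keep the existing explanation about `if_flags` and `ip6_mloopback()`, place the comment above the condition, and lead with `/* An interface-local multicast dst is valid only on packets we looped back ourselves; M_LOOP marks those and must never be set on packets received from the wire. */`. Whether every driver input path leaves `M_LOOP` clear is not visible in this hunk, so that is worth confirming and noting where the flag is set. The body of ip6_input starts and continues outside the hunk.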