diff options
author | Otavio Salvador <otavio@ossystems.com.br> | 2019-12-19 00:14:33 -0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-12-19 00:14:33 -0300 |
commit | fa8a03bec68d9ef89da72277bd3501ed3daa6217 (patch) | |
tree | 3d3218332bcb34cb0afa01d6ad996058a3dbcb77 /net/ipv6/ip6_input.c | |
parent | 6b774eec1f9d3064e9b33634dfa99d5666d0a73a (diff) | |
parent | 1ddf624b0b268fdc0b80b1de618b98f8d117afea (diff) |
Merge pull request #55 from toradex/4.14-2.0.x-imx
4.14 2.0.x imx
Diffstat (limited to 'net/ipv6/ip6_input.c')
-rw-r--r-- | net/ipv6/ip6_input.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/net/ipv6/ip6_input.c b/net/ipv6/ip6_input.c index 9ee208a348f5..e41070fb4fc0 100644 --- a/net/ipv6/ip6_input.c +++ b/net/ipv6/ip6_input.c @@ -173,6 +173,16 @@ int ipv6_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt if (ipv6_addr_is_multicast(&hdr->saddr)) goto err; + /* While RFC4291 is not explicit about v4mapped addresses + * in IPv6 headers, it seems clear linux dual-stack + * model can not deal properly with these. + * Security models could be fooled by ::ffff:127.0.0.1 for example. + * + * https://tools.ietf.org/html/draft-itojun-v6ops-v4mapped-harmful-02 + */ + if (ipv6_addr_v4mapped(&hdr->saddr)) + goto err; + skb->transport_header = skb->network_header + sizeof(*hdr); IP6CB(skb)->nhoff = offsetof(struct ipv6hdr, nexthdr); |