diff options
author | YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> | 2008-06-25 09:55:26 +0200 |
---|---|---|
committer | YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> | 2008-07-03 10:51:55 +0200 |
commit | f81b2e7d8cf8c6a52b7a5224c3b89cee5aeb6811 (patch) | |
tree | 963b5fc56836c958ef95144bb3dbf1517b0f90c3 /net/ipv6 | |
parent | ipv6: Do not assign non-valid address on interface. (diff) | |
download | linux-f81b2e7d8cf8c6a52b7a5224c3b89cee5aeb6811.tar.xz linux-f81b2e7d8cf8c6a52b7a5224c3b89cee5aeb6811.zip |
ipv6: Do not forward packets with the unspecified source address.
RFC4291 2.5.2.
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Diffstat (limited to 'net/ipv6')
-rw-r--r-- | net/ipv6/ip6_output.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c index fd7cd1bfe151..871bdec09edb 100644 --- a/net/ipv6/ip6_output.c +++ b/net/ipv6/ip6_output.c @@ -498,7 +498,8 @@ int ip6_forward(struct sk_buff *skb) int addrtype = ipv6_addr_type(&hdr->saddr); /* This check is security critical. */ - if (addrtype & (IPV6_ADDR_MULTICAST|IPV6_ADDR_LOOPBACK)) + if (addrtype == IPV6_ADDR_ANY || + addrtype & (IPV6_ADDR_MULTICAST | IPV6_ADDR_LOOPBACK)) goto error; if (addrtype & IPV6_ADDR_LINKLOCAL) { icmpv6_send(skb, ICMPV6_DEST_UNREACH, |