summaryrefslogtreecommitdiffstats
path: root/net/ipv6
diff options
context:
space:
mode:
authorYOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>2008-06-25 09:55:26 +0200
committerYOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>2008-07-03 10:51:55 +0200
commitf81b2e7d8cf8c6a52b7a5224c3b89cee5aeb6811 (patch)
tree963b5fc56836c958ef95144bb3dbf1517b0f90c3 /net/ipv6
parentipv6: Do not assign non-valid address on interface. (diff)
downloadlinux-f81b2e7d8cf8c6a52b7a5224c3b89cee5aeb6811.tar.xz
linux-f81b2e7d8cf8c6a52b7a5224c3b89cee5aeb6811.zip
ipv6: Do not forward packets with the unspecified source address.
RFC4291 2.5.2. Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Diffstat (limited to 'net/ipv6')
-rw-r--r--net/ipv6/ip6_output.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
index fd7cd1bfe151..871bdec09edb 100644
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -498,7 +498,8 @@ int ip6_forward(struct sk_buff *skb)
int addrtype = ipv6_addr_type(&hdr->saddr);
/* This check is security critical. */
- if (addrtype & (IPV6_ADDR_MULTICAST|IPV6_ADDR_LOOPBACK))
+ if (addrtype == IPV6_ADDR_ANY ||
+ addrtype & (IPV6_ADDR_MULTICAST | IPV6_ADDR_LOOPBACK))
goto error;
if (addrtype & IPV6_ADDR_LINKLOCAL) {
icmpv6_send(skb, ICMPV6_DEST_UNREACH,