aboutsummaryrefslogtreecommitdiffstats
path: root/net/bridge/br_stp_bpdu.c
diff options
context:
space:
mode:
authorStephen Hemminger <shemminger@osdl.org>2005-05-29 17:15:55 -0400
committerDavid S. Miller <davem@davemloft.net>2005-05-29 17:15:55 -0400
commit85967bb46dd1f8f2c49b85a313866c00ac0c9b59 (patch)
tree3de44cb857e648d57e74baa047a0c89a96a00893 /net/bridge/br_stp_bpdu.c
parent81d35307dd468b92fe8c58797abb13c62e3e64dd (diff)
[BRIDGE]: prevent bad forwarding table updates
Avoid poisoning of the bridge forwarding table by frames that have been dropped by filtering. This prevents spoofed source addresses on hostile side of bridge from causing packet leakage, a small but possible security risk. Signed-off-by: Stephen Hemminger <shemminger@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/bridge/br_stp_bpdu.c')
-rw-r--r--net/bridge/br_stp_bpdu.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/net/bridge/br_stp_bpdu.c b/net/bridge/br_stp_bpdu.c
index b91a875aca0..d071f1c9ad0 100644
--- a/net/bridge/br_stp_bpdu.c
+++ b/net/bridge/br_stp_bpdu.c
@@ -140,6 +140,9 @@ int br_stp_handle_bpdu(struct sk_buff *skb)
140 struct net_bridge *br = p->br; 140 struct net_bridge *br = p->br;
141 unsigned char *buf; 141 unsigned char *buf;
142 142
143 /* insert into forwarding database after filtering to avoid spoofing */
144 br_fdb_update(p->br, p, eth_hdr(skb)->h_source);
145
143 /* need at least the 802 and STP headers */ 146 /* need at least the 802 and STP headers */
144 if (!pskb_may_pull(skb, sizeof(header)+1) || 147 if (!pskb_may_pull(skb, sizeof(header)+1) ||
145 memcmp(skb->data, header, sizeof(header))) 148 memcmp(skb->data, header, sizeof(header)))