diff options
| author | Ingo Molnar <mingo@elte.hu> | 2008-06-23 05:00:26 -0400 |
|---|---|---|
| committer | Ingo Molnar <mingo@elte.hu> | 2008-06-23 05:00:26 -0400 |
| commit | 198bb971e256e4167e45e7df643c13ea66f67e3a (patch) | |
| tree | 85b8b2bf6cc78bf0e53a2187ed5796f076922334 /net/ipv6 | |
| parent | ea71a546706dfdad72462624394e1e472c6bf34f (diff) | |
| parent | 481c5346d0981940ee63037eb53e4e37b0735c10 (diff) | |
Merge branch 'linus' into sched/urgent
Diffstat (limited to 'net/ipv6')
| -rw-r--r-- | net/ipv6/ip6_input.c | 9 | ||||
| -rw-r--r-- | net/ipv6/ipv6_sockglue.c | 11 |
2 files changed, 16 insertions, 4 deletions
diff --git a/net/ipv6/ip6_input.c b/net/ipv6/ip6_input.c index 4e5c8615832c..17eb48b8e329 100644 --- a/net/ipv6/ip6_input.c +++ b/net/ipv6/ip6_input.c | |||
| @@ -102,6 +102,15 @@ int ipv6_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt | |||
| 102 | if (hdr->version != 6) | 102 | if (hdr->version != 6) |
| 103 | goto err; | 103 | goto err; |
| 104 | 104 | ||
| 105 | /* | ||
| 106 | * RFC4291 2.5.3 | ||
| 107 | * A packet received on an interface with a destination address | ||
| 108 | * of loopback must be dropped. | ||
| 109 | */ | ||
| 110 | if (!(dev->flags & IFF_LOOPBACK) && | ||
| 111 | ipv6_addr_loopback(&hdr->daddr)) | ||
| 112 | goto err; | ||
| 113 | |||
| 105 | skb->transport_header = skb->network_header + sizeof(*hdr); | 114 | skb->transport_header = skb->network_header + sizeof(*hdr); |
| 106 | IP6CB(skb)->nhoff = offsetof(struct ipv6hdr, nexthdr); | 115 | IP6CB(skb)->nhoff = offsetof(struct ipv6hdr, nexthdr); |
| 107 | 116 | ||
diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c index c042ce19bd14..86e28a75267f 100644 --- a/net/ipv6/ipv6_sockglue.c +++ b/net/ipv6/ipv6_sockglue.c | |||
| @@ -345,18 +345,21 @@ static int do_ipv6_setsockopt(struct sock *sk, int level, int optname, | |||
| 345 | case IPV6_DSTOPTS: | 345 | case IPV6_DSTOPTS: |
| 346 | { | 346 | { |
| 347 | struct ipv6_txoptions *opt; | 347 | struct ipv6_txoptions *opt; |
| 348 | |||
| 349 | /* remove any sticky options header with a zero option | ||
| 350 | * length, per RFC3542. | ||
| 351 | */ | ||
| 348 | if (optlen == 0) | 352 | if (optlen == 0) |
| 349 | optval = NULL; | 353 | optval = NULL; |
| 354 | else if (optlen < sizeof(struct ipv6_opt_hdr) || | ||
| 355 | optlen & 0x7 || optlen > 8 * 255) | ||
| 356 | goto e_inval; | ||
| 350 | 357 | ||
| 351 | /* hop-by-hop / destination options are privileged option */ | 358 | /* hop-by-hop / destination options are privileged option */ |
| 352 | retv = -EPERM; | 359 | retv = -EPERM; |
| 353 | if (optname != IPV6_RTHDR && !capable(CAP_NET_RAW)) | 360 | if (optname != IPV6_RTHDR && !capable(CAP_NET_RAW)) |
| 354 | break; | 361 | break; |
| 355 | 362 | ||
| 356 | if (optlen < sizeof(struct ipv6_opt_hdr) || | ||
| 357 | optlen & 0x7 || optlen > 8 * 255) | ||
| 358 | goto e_inval; | ||
| 359 | |||
| 360 | opt = ipv6_renew_options(sk, np->opt, optname, | 363 | opt = ipv6_renew_options(sk, np->opt, optname, |
| 361 | (struct ipv6_opt_hdr __user *)optval, | 364 | (struct ipv6_opt_hdr __user *)optval, |
| 362 | optlen); | 365 | optlen); |