net/ipv6 · 237dfc5b712719a8be1dd9d64726428981261759 · Upstream / linux-stable

ipv6: addrconf: validate new MTU before applying it

Marcelo Leitner authored 10 years ago

commit 77751427

 upstream.

Currently we don't check if the new MTU is valid or not and this allows
one to configure a smaller than minimum allowed by RFCs or even bigger
than interface own MTU, which is a problem as it may lead to packet
drops.

If you have a daemon like NetworkManager running, this may be exploited
by remote attackers by forging RA packets with an invalid MTU, possibly
leading to a DoS. (NetworkManager currently only validates for values
too small, but not for too big ones.)

The fix is just to make sure the new value is valid. That is, between
IPV6_MIN_MTU and interface's MTU.

Note that similar check is already performed at
ndisc_router_discovery(), for when kernel itself parses the RA.
Signed-off-by: Marcelo Ricardo Leitner <mleitner@redhat.com>
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
[bwh: Backported to 2.6.32:
 - Add a strategy for the...

237dfc5b

Name	Last commit	Last update
..
netfilter	netfilter: IPv6: initialize TOS field in REJECT target module	14 years ago
Kconfig	trivial: Kconfig: .ko is normally not included in module names	16 years ago
Makefile	[IPV6] MROUTE: Support multicast forwarding.	17 years ago
addrconf.c	ipv6: addrconf: validate new MTU before applying it	9 years ago
addrconf_core.c	[IPV6]: ipv6_addr_type() doesn't know about RFC4193 addresses.	18 years ago
addrlabel.c	net: replace %p6 with %pI6	16 years ago
af_inet6.c	ipv6: make fragment identifications less predictable	12 years ago
ah6.c	net: constify struct inet6_protocol	15 years ago
anycast.c	net: replace %#p6 format specifier with %pi6	16 years ago
datagram.c	ipv6: fix leaking uninitialized port number of offender sockaddr	11 years ago
esp6.c	net: constify struct inet6_protocol	15 years ago
exthdrs.c	ipv6: skb_dst() can be NULL in ipv6_hop_jumbo().	15 years ago
exthdrs_core.c	[NET] IPV6: Fix whitespace errors.	18 years ago
fib6_rules.c	net: Remove unused parameter from fill method in fib_rules_ops.	16 years ago
icmp.c	ICMPv6: treat dest unreachable codes 5 and 6 as EACCES, not EPROTO	11 years ago
inet6_connection_sock.c	ipv6: tcp: fix panic in SYN processing	11 years ago
inet6_hashtables.c	net: do not call sock_put() on TIMEWAIT sockets	11 years ago
ip6_fib.c	ipv6: don't stop backtracking in fib6_lookup_1 if subtree does not match	11 years ago
ip6_flowlabel.c	ipv6: Disallow rediculious flowlabel option sizes.	16 years ago
ip6_input.c	net: constify struct inet6_protocol	15 years ago
ip6_output.c	udp: only allow UFO for packets from SOCK_DGRAM sockets	10 years ago
ip6_tunnel.c	Fix broken backport for IPv6 tunnels	13 years ago
ip6mr.c	net: Make setsockopt() optlen be unsigned.	15 years ago
ipcomp6.c	net: constify struct inet6_protocol	15 years ago
ipv6_sockglue.c	net: Fix IP_MULTICAST_IF	15 years ago
mcast.c
mip6.c
ndisc.c
netfilter.c
proc.c
protocol.c
raw.c
reassembly.c
route.c
sit.c
syncookies.c
sysctl_net_ipv6.c
tcp_ipv6.c
tunnel6.c
udp.c
udp_impl.h
udplite.c
xfrm6_input.c
xfrm6_mode_beet.c
xfrm6_mode_ro.c
xfrm6_mode_transport.c
xfrm6_mode_tunnel.c
xfrm6_output.c
xfrm6_policy.c
xfrm6_state.c
xfrm6_tunnel.c

GitLab

Menu

Download source code

Download this directory