ipv6: addrconf: validate new MTU before applying it
Marcelo Leitner authored
commit 77751427

 upstream.

Currently we don't check if the new MTU is valid or not and this allows
one to configure a smaller than minimum allowed by RFCs or even bigger
than interface own MTU, which is a problem as it may lead to packet
drops.

If you have a daemon like NetworkManager running, this may be exploited
by remote attackers by forging RA packets with an invalid MTU, possibly
leading to a DoS. (NetworkManager currently only validates for values
too small, but not for too big ones.)

The fix is just to make sure the new value is valid. That is, between
IPV6_MIN_MTU and interface's MTU.

Note that similar check is already performed at
ndisc_router_discovery(), for when kernel itself parses the RA.
Signed-off-by: Marcelo Ricardo Leitner <mleitner@redhat.com>
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
[bwh: Backported to 2.6.32:
 - Add a strategy for the...
237dfc5b
Name Last commit Last update
netfilter netfilter: IPv6: initialize TOS field in REJECT target module
Kconfig trivial: Kconfig: .ko is normally not included in module names
Makefile [IPV6] MROUTE: Support multicast forwarding.
addrconf.c ipv6: addrconf: validate new MTU before applying it
addrconf_core.c [IPV6]: ipv6_addr_type() doesn't know about RFC4193 addresses.
addrlabel.c net: replace %p6 with %pI6
af_inet6.c ipv6: make fragment identifications less predictable
ah6.c net: constify struct inet6_protocol
anycast.c net: replace %#p6 format specifier with %pi6
datagram.c ipv6: fix leaking uninitialized port number of offender sockaddr
esp6.c net: constify struct inet6_protocol
exthdrs.c ipv6: skb_dst() can be NULL in ipv6_hop_jumbo().
exthdrs_core.c [NET] IPV6: Fix whitespace errors.
fib6_rules.c net: Remove unused parameter from fill method in fib_rules_ops.
icmp.c ICMPv6: treat dest unreachable codes 5 and 6 as EACCES, not EPROTO
inet6_connection_sock.c ipv6: tcp: fix panic in SYN processing
inet6_hashtables.c net: do not call sock_put() on TIMEWAIT sockets
ip6_fib.c ipv6: don't stop backtracking in fib6_lookup_1 if subtree does not match
ip6_flowlabel.c ipv6: Disallow rediculious flowlabel option sizes.
ip6_input.c net: constify struct inet6_protocol
ip6_output.c udp: only allow UFO for packets from SOCK_DGRAM sockets
ip6_tunnel.c Fix broken backport for IPv6 tunnels
ip6mr.c net: Make setsockopt() optlen be unsigned.
ipcomp6.c net: constify struct inet6_protocol
ipv6_sockglue.c net: Fix IP_MULTICAST_IF
mcast.c
mip6.c
ndisc.c
netfilter.c
proc.c
protocol.c
raw.c
reassembly.c
route.c
sit.c
syncookies.c
sysctl_net_ipv6.c
tcp_ipv6.c
tunnel6.c
udp.c
udp_impl.h
udplite.c
xfrm6_input.c
xfrm6_mode_beet.c
xfrm6_mode_ro.c
xfrm6_mode_transport.c
xfrm6_mode_tunnel.c
xfrm6_output.c
xfrm6_policy.c
xfrm6_state.c
xfrm6_tunnel.c