netbsd-bugs: Re: kern/33269: Panic with IPv6 and certain socket options

Subject: Re: kern/33269: Panic with IPv6 and certain socket options
To: None <rpaulo@netbsd.org, gnats-admin@netbsd.org,>
From: Christian Biere <christianbiere@gmx.de>
List: netbsd-bugs
Date: 05/07/2006 20:15:03

The following reply was made to PR kern/33269; it has been noted by GNATS.

From: Christian Biere <christianbiere@gmx.de>
To: gnats-bugs@netbsd.org
Cc: 
Subject: Re: kern/33269: Panic with IPv6 and certain socket options
Date: Sun, 7 May 2006 22:12:20 +0200

 Christian Biere wrote:
 >  The culprit is IPV6_RTHDR in combination with net.inet6.ip6.v6only=0.
 
 >  Apparently it's not possible to turn the latter off using
 >  the socket option IPV6_V6ONLY, at least not as non-root. I didn't try
 >  as root. So the default configuration of NetBSD is not vulnerable.
 
 Forget the above paragraph. Any user can enable this feature for
 any created IPv6 socket and thus trigger the panic. You only have
 to insert the following piece of code:
 
   {
     static const int disable = 0;
     
     if (setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, &disable, sizeof disable)) {
         perror("setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, ...)");
         exit(EXIT_FAILURE);
     }
   }
 
 -- 
 Christian