

[src/netbsd-7]: src/sys/netinet6 Pull up following revision(s) (requested by ...



details:   https://anonhg.NetBSD.org/src/rev/2d7fc5853210
branches:  netbsd-7
changeset: 799274:2d7fc5853210
user:      martin <martin%NetBSD.org@localhost>
date:      Sat May 02 18:23:25 2015 +0000

description:
Pull up following revision(s) (requested by roy in ticket #731):
        sys/netinet6/nd6_rtr.c: revision 1.99
Mitigate Local Denial of Service with IPv6 Router Advertisements and
log attack attempts.
Fixes CVE-2015-2923, taken from FreeBSD.

diffstat:

 sys/netinet6/nd6_rtr.c |  15 +++++++++++----
 1 files changed, 11 insertions(+), 4 deletions(-)

diffs (36 lines):

diff -r 39dfdeb689b1 -r 2d7fc5853210 sys/netinet6/nd6_rtr.c
--- a/sys/netinet6/nd6_rtr.c    Sat May 02 18:18:22 2015 +0000
+++ b/sys/netinet6/nd6_rtr.c    Sat May 02 18:23:25 2015 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: nd6_rtr.c,v 1.93.2.2 2015/04/06 01:32:33 snj Exp $     */
+/*     $NetBSD: nd6_rtr.c,v 1.93.2.3 2015/05/02 18:23:25 martin Exp $  */
 /*     $KAME: nd6_rtr.c,v 1.95 2001/02/07 08:09:47 itojun Exp $        */
 
 /*
@@ -31,7 +31,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: nd6_rtr.c,v 1.93.2.2 2015/04/06 01:32:33 snj Exp $");
+__KERNEL_RCSID(0, "$NetBSD: nd6_rtr.c,v 1.93.2.3 2015/05/02 18:23:25 martin Exp $");
 
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -272,8 +272,15 @@
        }
        if (nd_ra->nd_ra_retransmit)
                ndi->retrans = ntohl(nd_ra->nd_ra_retransmit);
-       if (nd_ra->nd_ra_curhoplimit)
-               ndi->chlim = nd_ra->nd_ra_curhoplimit;
+       if (nd_ra->nd_ra_curhoplimit) {
+               if (ndi->chlim < nd_ra->nd_ra_curhoplimit)
+                       ndi->chlim = nd_ra->nd_ra_curhoplimit;
+               else if (ndi->chlim != nd_ra->nd_ra_curhoplimit)
+                       log(LOG_ERR, "nd_ra_input: lower CurHopLimit sent from "
+                          "%s on %s (current=%d, received=%d), ignored\n",
+                          ip6_sprintf(&ip6->ip6_src),
+                          if_name(ifp), ndi->chlim, nd_ra->nd_ra_curhoplimit);
+       }
        dr = defrtrlist_update(&drtr);
     }
 
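Review bot: The `log(LOG_ERR, ...)` call in the new `else if` branch is not rate-limited, so a host on the link that keeps sending Router Advertisements with a lower CurHopLimit makes the kernel emit one LOG_ERR line per packet, and the hop-limit denial of service is replaced by log and console flooding. The message should be gated, for example with a `ppsratecheck()` guard or through the `nd6log((LOG_ERR, ...))` wrapper that netinet6 appears to use elsewhere (confirm it is available on this branch). Because `ndi->chlim` can now only increase, a single advertisement carrying a high value also causes later, lower values from the legitimate router to be ignored and logged as attacks until the interface state is reset. A comment above the block such as `/* CurHopLimit is only ever raised; lower values are ignored and logged (CVE-2015-2923) */` would make that trade-off visible to maintainers. The enclosing function starts and ends outside this hunk, so how `ndi` is initialised is not visible here.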


