diff options
author | YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> | 2008-06-25 16:55:26 +0900 |
---|---|---|
committer | YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> | 2008-07-03 17:51:55 +0900 |
commit | f81b2e7d8cf8c6a52b7a5224c3b89cee5aeb6811 (patch) | |
tree | 963b5fc56836c958ef95144bb3dbf1517b0f90c3 /net/ipv6/ip6_output.c | |
parent | d68b82705a4a754e5773f412c6b8f1e65259bc8b (diff) | |
download | linux-f81b2e7d8cf8c6a52b7a5224c3b89cee5aeb6811.tar.bz2 |
ipv6: Do not forward packets with the unspecified source address.
RFC4291 2.5.2.
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Diffstat (limited to 'net/ipv6/ip6_output.c')
-rw-r--r-- | net/ipv6/ip6_output.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c index fd7cd1bfe151..871bdec09edb 100644 --- a/net/ipv6/ip6_output.c +++ b/net/ipv6/ip6_output.c @@ -498,7 +498,8 @@ int ip6_forward(struct sk_buff *skb) int addrtype = ipv6_addr_type(&hdr->saddr); /* This check is security critical. */ - if (addrtype & (IPV6_ADDR_MULTICAST|IPV6_ADDR_LOOPBACK)) + if (addrtype == IPV6_ADDR_ANY || + addrtype & (IPV6_ADDR_MULTICAST | IPV6_ADDR_LOOPBACK)) goto error; if (addrtype & IPV6_ADDR_LINKLOCAL) { icmpv6_send(skb, ICMPV6_DEST_UNREACH, |