[1/2] net: make ipv6 bind honour freebind

Message ID	1320713842-21152-1-git-send-email-zenczykowski@gmail.com
State	Accepted, archived
Delegated to:	David Miller
Headers	show Return-Path: <netdev-owner@vger.kernel.org> From: =?UTF-8?q?Maciej=20=C5=BBenczykowski?= <zenczykowski@gmail.com> To: =?UTF-8?q?Maciej=20=C5=BBenczykowski?= <maze@google.com> Cc: netdev@vger.kernel.org, =?UTF-8?q?Maciej=20=C5=BBenczykowski?= <maze@google.com> Subject: [PATCH 1/2] net: make ipv6 bind honour freebind Date: Mon, 7 Nov 2011 16:57:21 -0800 Message-Id: <1320713842-21152-1-git-send-email-zenczykowski@gmail.com> In-Reply-To: <CAHo-Oow3LhhvMEO8ph7ZM2TO48KtTak+VZjY56ceWdhxeyUzgA@mail.gmail.com> References: <CAHo-Oow3LhhvMEO8ph7ZM2TO48KtTak+VZjY56ceWdhxeyUzgA@mail.gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: netdev-owner@vger.kernel.org Precedence: bulk

Message ID

1320713842-21152-1-git-send-email-zenczykowski@gmail.com

State

Accepted, archived

Delegated to:

David Miller

Headers

From: =?UTF-8?q?Maciej=20=C5=BBenczykowski?= <zenczykowski@gmail.com>
To: =?UTF-8?q?Maciej=20=C5=BBenczykowski?= <maze@google.com>
Cc: netdev@vger.kernel.org,
	=?UTF-8?q?Maciej=20=C5=BBenczykowski?= <maze@google.com>
Subject: [PATCH 1/2] net: make ipv6 bind honour freebind
Date: Mon,  7 Nov 2011 16:57:21 -0800
Message-Id: <1320713842-21152-1-git-send-email-zenczykowski@gmail.com>
In-Reply-To: <CAHo-Oow3LhhvMEO8ph7ZM2TO48KtTak+VZjY56ceWdhxeyUzgA@mail.gmail.com>
References: <CAHo-Oow3LhhvMEO8ph7ZM2TO48KtTak+VZjY56ceWdhxeyUzgA@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Sender: netdev-owner@vger.kernel.org
Precedence: bulk

Commit Message

Maciej Żenczykowski Nov. 8, 2011, 12:57 a.m. UTC

From: Maciej Żenczykowski <maze@google.com>

This makes native ipv6 bind follow the precedent set by:
  - native ipv4 bind behaviour
  - dual stack ipv4-mapped ipv6 bind behaviour.

This does allow an unpriviledged process to spoof its source IPv6
address, just like it currently can spoof its source IPv4 address
(for example when using UDP).

Signed-off-by: Maciej Żenczykowski <maze@google.com>
---
 net/ipv6/af_inet6.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

Comments

David Miller Nov. 8, 2011, 8:17 p.m. UTC | #1

From: Maciej Żenczykowski <zenczykowski@gmail.com>
Date: Mon,  7 Nov 2011 16:57:21 -0800

> From: Maciej Żenczykowski <maze@google.com>
> 
> This makes native ipv6 bind follow the precedent set by:
>   - native ipv4 bind behaviour
>   - dual stack ipv4-mapped ipv6 bind behaviour.
> 
> This does allow an unpriviledged process to spoof its source IPv6
> address, just like it currently can spoof its source IPv4 address
> (for example when using UDP).
> 
> Signed-off-by: Maciej Żenczykowski <maze@google.com>

Applied.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c
index d27c797..1040424 100644
--- a/net/ipv6/af_inet6.c
+++ b/net/ipv6/af_inet6.c
@@ -347,7 +347,7 @@  int inet6_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
 			 */
 			v4addr = LOOPBACK4_IPV6;
 			if (!(addr_type & IPV6_ADDR_MULTICAST))	{
-				if (!inet->transparent &&
+				if (!(inet->freebind || inet->transparent) &&
 				    !ipv6_chk_addr(net, &addr->sin6_addr,
 						   dev, 0)) {
 					err = -EADDRNOTAVAIL;

[1/2] net: make ipv6 bind honour freebind

Commit Message

Comments

Patch