Message ID | 1320713842-21152-1-git-send-email-zenczykowski@gmail.com |
---|---|
State | Accepted, archived |
Delegated to: | David Miller |
Headers | show |
From: Maciej Żenczykowski <zenczykowski@gmail.com> Date: Mon, 7 Nov 2011 16:57:21 -0800 > From: Maciej Żenczykowski <maze@google.com> > > This makes native ipv6 bind follow the precedent set by: > - native ipv4 bind behaviour > - dual stack ipv4-mapped ipv6 bind behaviour. > > This does allow an unpriviledged process to spoof its source IPv6 > address, just like it currently can spoof its source IPv4 address > (for example when using UDP). > > Signed-off-by: Maciej Żenczykowski <maze@google.com> Applied. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c index d27c797..1040424 100644 --- a/net/ipv6/af_inet6.c +++ b/net/ipv6/af_inet6.c @@ -347,7 +347,7 @@ int inet6_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len) */ v4addr = LOOPBACK4_IPV6; if (!(addr_type & IPV6_ADDR_MULTICAST)) { - if (!inet->transparent && + if (!(inet->freebind || inet->transparent) && !ipv6_chk_addr(net, &addr->sin6_addr, dev, 0)) { err = -EADDRNOTAVAIL;