svn commit: r281229 - head/sys/netinet6

Xin LI delphij at FreeBSD.org
Tue Apr 7 20:20:10 UTC 2015


Author: delphij
Date: Tue Apr  7 20:20:09 2015
New Revision: 281229
URL: https://svnweb.freebsd.org/changeset/base/281229

Log:
  Mitigate Local Denial of Service with IPv6 Router Advertisements
  and log attack attempts.
  
  Submitted by:	hrs
  Security:	FreeBSD-SA-15:09.nd6
  Security:	CVE-2015-2923

Modified:
  head/sys/netinet6/nd6_rtr.c

Modified: head/sys/netinet6/nd6_rtr.c
==============================================================================
--- head/sys/netinet6/nd6_rtr.c	Tue Apr  7 20:20:03 2015	(r281228)
+++ head/sys/netinet6/nd6_rtr.c	Tue Apr  7 20:20:09 2015	(r281229)
@@ -297,8 +297,16 @@ nd6_ra_input(struct mbuf *m, int off, in
 	}
 	if (nd_ra->nd_ra_retransmit)
 		ndi->retrans = ntohl(nd_ra->nd_ra_retransmit);
-	if (nd_ra->nd_ra_curhoplimit)
-		ndi->chlim = nd_ra->nd_ra_curhoplimit;
+	if (nd_ra->nd_ra_curhoplimit) {
+		if (ndi->chlim < nd_ra->nd_ra_curhoplimit)
+			ndi->chlim = nd_ra->nd_ra_curhoplimit;
+		else if (ndi->chlim != nd_ra->nd_ra_curhoplimit) {
+			log(LOG_ERR, "RA with a lower CurHopLimit sent from "
+			    "%s on %s (current = %d, received = %d). "
+			    "Ignored.\n", ip6_sprintf(ip6bufs, &ip6->ip6_src),
+			    if_name(ifp), ndi->chlim, nd_ra->nd_ra_curhoplimit);
+		}
+	}
 	dr = defrtrlist_update(&dr0);
     }
 
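Review bot: The `log(LOG_ERR, ...)` call in the new `else if` branch runs once for every rejected Router Advertisement with no rate limit, so an on-link sender that repeats the same RA can still flood the kernel message buffer and syslog. Gate only the message behind a limiter, for example a static `struct timeval` and counter passed to `ppsratecheck()`, and keep the rejection itself unconditional. The branch also needs a comment stating the policy, such as `/* Only raise chlim: a forged RA with a small CurHopLimit would make outbound packets expire early (FreeBSD-SA-15:09.nd6). */`. That comment should note the side effect that a legitimate router lowering its hop limit is also ignored and reported as an error. nd6_ra_input's body starts and ends outside the hunk.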

