From: YOSHIFUJI Hideaki Date: Wed, 25 Jun 2008 07:55:26 +0000 (+0900) Subject: ipv6: Do not forward packets with the unspecified source address. X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=f81b2e7d8cf8c6a52b7a5224c3b89cee5aeb6811;p=openwrt%2Fstaging%2Fblogic.git ipv6: Do not forward packets with the unspecified source address. RFC4291 2.5.2. Signed-off-by: YOSHIFUJI Hideaki --- diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c index fd7cd1bfe151..871bdec09edb 100644 --- a/net/ipv6/ip6_output.c +++ b/net/ipv6/ip6_output.c @@ -498,7 +498,8 @@ int ip6_forward(struct sk_buff *skb) int addrtype = ipv6_addr_type(&hdr->saddr); /* This check is security critical. */ - if (addrtype & (IPV6_ADDR_MULTICAST|IPV6_ADDR_LOOPBACK)) + if (addrtype == IPV6_ADDR_ANY || + addrtype & (IPV6_ADDR_MULTICAST | IPV6_ADDR_LOOPBACK)) goto error; if (addrtype & IPV6_ADDR_LINKLOCAL) { icmpv6_send(skb, ICMPV6_DEST_UNREACH,