summaryrefslogtreecommitdiff
path: root/net/ipv6/ip6_input.c
diff options
context:
space:
mode:
authorSean Paul <seanpaul@chromium.org>2019-10-23 11:14:11 -0400
committerSean Paul <seanpaul@chromium.org>2019-10-23 11:14:11 -0400
commit44bf67f32a6803339ac1ba721b158c3e2272cabe (patch)
tree1ed93503a4a1d20005b85df91bd81e5f5982f348 /net/ipv6/ip6_input.c
parenta96bf3cbd7b8557f5c5c7938e5f8926ea39d55e9 (diff)
parent2e79e22e092acd55da0b2db066e4826d7d152c41 (diff)
Merge drm/drm-next into drm-misc-next
Parroting Daniel's backmerge justification from 2e79e22e092acd55da0b2db066e4826d7d152c41: Thierry needs fd70c7755bf0 ("drm/bridge: tc358767: fix max_tu_symbol value") to be able to merge his dp_link patch series. Signed-off-by: Sean Paul <seanpaul@chromium.org>
Diffstat (limited to 'net/ipv6/ip6_input.c')
-rw-r--r--net/ipv6/ip6_input.c12
1 files changed, 11 insertions, 1 deletions
diff --git a/net/ipv6/ip6_input.c b/net/ipv6/ip6_input.c
index d432d0011c16..3d71c7d6102c 100644
--- a/net/ipv6/ip6_input.c
+++ b/net/ipv6/ip6_input.c
@@ -223,6 +223,16 @@ static struct sk_buff *ip6_rcv_core(struct sk_buff *skb, struct net_device *dev,
if (ipv6_addr_is_multicast(&hdr->saddr))
goto err;
+ /* While RFC4291 is not explicit about v4mapped addresses
+ * in IPv6 headers, it seems clear linux dual-stack
+ * model can not deal properly with these.
+ * Security models could be fooled by ::ffff:127.0.0.1 for example.
+ *
+ * https://tools.ietf.org/html/draft-itojun-v6ops-v4mapped-harmful-02
+ */
+ if (ipv6_addr_v4mapped(&hdr->saddr))
+ goto err;
+
skb->transport_header = skb->network_header + sizeof(*hdr);
IP6CB(skb)->nhoff = offsetof(struct ipv6hdr, nexthdr);
@@ -371,7 +381,7 @@ resubmit_final:
/* Free reference early: we don't need it any more,
and it may hold ip_conntrack module loaded
indefinitely. */
- nf_reset(skb);
+ nf_reset_ct(skb);
skb_postpull_rcsum(skb, skb_network_header(skb),
skb_network_header_len(skb));