diff options
author | Sean Paul <seanpaul@chromium.org> | 2019-10-23 11:14:11 -0400 |
---|---|---|
committer | Sean Paul <seanpaul@chromium.org> | 2019-10-23 11:14:11 -0400 |
commit | 44bf67f32a6803339ac1ba721b158c3e2272cabe (patch) | |
tree | 1ed93503a4a1d20005b85df91bd81e5f5982f348 /net/ipv6/ip6_input.c | |
parent | a96bf3cbd7b8557f5c5c7938e5f8926ea39d55e9 (diff) | |
parent | 2e79e22e092acd55da0b2db066e4826d7d152c41 (diff) |
Merge drm/drm-next into drm-misc-next
Parroting Daniel's backmerge justification from
2e79e22e092acd55da0b2db066e4826d7d152c41:
Thierry needs fd70c7755bf0 ("drm/bridge: tc358767: fix max_tu_symbol
value") to be able to merge his dp_link patch series.
Signed-off-by: Sean Paul <seanpaul@chromium.org>
Diffstat (limited to 'net/ipv6/ip6_input.c')
-rw-r--r-- | net/ipv6/ip6_input.c | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/net/ipv6/ip6_input.c b/net/ipv6/ip6_input.c index d432d0011c16..3d71c7d6102c 100644 --- a/net/ipv6/ip6_input.c +++ b/net/ipv6/ip6_input.c @@ -223,6 +223,16 @@ static struct sk_buff *ip6_rcv_core(struct sk_buff *skb, struct net_device *dev, if (ipv6_addr_is_multicast(&hdr->saddr)) goto err; + /* While RFC4291 is not explicit about v4mapped addresses + * in IPv6 headers, it seems clear linux dual-stack + * model can not deal properly with these. + * Security models could be fooled by ::ffff:127.0.0.1 for example. + * + * https://tools.ietf.org/html/draft-itojun-v6ops-v4mapped-harmful-02 + */ + if (ipv6_addr_v4mapped(&hdr->saddr)) + goto err; + skb->transport_header = skb->network_header + sizeof(*hdr); IP6CB(skb)->nhoff = offsetof(struct ipv6hdr, nexthdr); @@ -371,7 +381,7 @@ resubmit_final: /* Free reference early: we don't need it any more, and it may hold ip_conntrack module loaded indefinitely. */ - nf_reset(skb); + nf_reset_ct(skb); skb_postpull_rcsum(skb, skb_network_header(skb), skb_network_header_len(skb)); |