Date:      Tue, 7 Apr 2015 20:20:10 +0000 (UTC)
From:      Xin LI <delphij@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r281229 - head/sys/netinet6
Message-ID:  <201504072020.t37KKAaN029013@svn.freebsd.org>

Author: delphij
Date: Tue Apr  7 20:20:09 2015
New Revision: 281229
URL: https://svnweb.freebsd.org/changeset/base/281229

Log:
  Mitigate Local Denial of Service with IPv6 Router Advertisements
  and log attack attempts.
  
  Submitted by:	hrs
  Security:	FreeBSD-SA-15:09.nd6
  Security:	CVE-2015-2923

Modified:
  head/sys/netinet6/nd6_rtr.c

Modified: head/sys/netinet6/nd6_rtr.c
==============================================================================
--- head/sys/netinet6/nd6_rtr.c	Tue Apr  7 20:20:03 2015	(r281228)
+++ head/sys/netinet6/nd6_rtr.c	Tue Apr  7 20:20:09 2015	(r281229)
@@ -297,8 +297,16 @@ nd6_ra_input(struct mbuf *m, int off, in
 	}
 	if (nd_ra->nd_ra_retransmit)
 		ndi->retrans = ntohl(nd_ra->nd_ra_retransmit);
-	if (nd_ra->nd_ra_curhoplimit)
-		ndi->chlim = nd_ra->nd_ra_curhoplimit;
+	if (nd_ra->nd_ra_curhoplimit) {
+		if (ndi->chlim < nd_ra->nd_ra_curhoplimit)
+			ndi->chlim = nd_ra->nd_ra_curhoplimit;
+		else if (ndi->chlim != nd_ra->nd_ra_curhoplimit) {
+			log(LOG_ERR, "RA with a lower CurHopLimit sent from "
+			    "%s on %s (current = %d, received = %d). "
+			    "Ignored.\n", ip6_sprintf(ip6bufs, &ip6->ip6_src),
+			    if_name(ifp), ndi->chlim, nd_ra->nd_ra_curhoplimit);
+		}
+	}
 	dr = defrtrlist_update(&dr0);
     }
 
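Review bot: The new `log(LOG_ERR, ...)` call in the `else if` branch runs once per offending Router Advertisement with no rate limit, so an on-link sender that triggers it repeatedly can fill the kernel log and bury other messages. Consider bounding it, for example by wrapping the call in `if (ppsratecheck(&lasttime, &curpps, maxpps))` with static state, so attempts are still recorded but at a capped rate. The accept rule is also one-way: `ndi->chlim` can only increase, so a router that legitimately lowers its advertised hop limit is ignored until the interface state is reset, and a comment such as `/* Only raise chlim from RAs; lower values are ignored, see FreeBSD-SA-15:09.nd6 */` would make that intent explicit. As a style point, `else if (ndi->chlim != nd_ra->nd_ra_curhoplimit)` would read more directly as `else if (ndi->chlim > nd_ra->nd_ra_curhoplimit)`. The body of nd6_ra_input starts and ends outside this hunk, so how `ndi->chlim` is initialised cannot be checked from here.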


