authordelphij <delphij@FreeBSD.org>2015-04-07 20:20:09 +0000
committerdelphij <delphij@FreeBSD.org>2015-04-07 20:20:09 +0000
commit250c8d6f6d86ef6cef92136a0748bbc1967c0919 (patch)
treedda700a99fd0f2844551880425ce5071d1a1f72c
parent4836e6055cc9e422bd1364e5e7b47dd5f0c9e0e4 (diff)
Mitigate Local Denial of Service with IPv6 Router Advertisements
and log attack attempts. Submitted by: hrs Security: FreeBSD-SA-15:09.nd6 Security: CVE-2015-2923
-rw-r--r--sys/netinet6/nd6_rtr.c12
1 files changed, 10 insertions, 2 deletions
diff --git a/sys/netinet6/nd6_rtr.c b/sys/netinet6/nd6_rtr.c
index 19c5f8d..0576aa2 100644
--- a/sys/netinet6/nd6_rtr.c
+++ b/sys/netinet6/nd6_rtr.c
@@ -297,8 +297,16 @@ nd6_ra_input(struct mbuf *m, int off, int icmp6len)
}
if (nd_ra->nd_ra_retransmit)
ndi->retrans = ntohl(nd_ra->nd_ra_retransmit);
- if (nd_ra->nd_ra_curhoplimit)
- ndi->chlim = nd_ra->nd_ra_curhoplimit;
+ if (nd_ra->nd_ra_curhoplimit) {
+ if (ndi->chlim < nd_ra->nd_ra_curhoplimit)
+ ndi->chlim = nd_ra->nd_ra_curhoplimit;
+ else if (ndi->chlim != nd_ra->nd_ra_curhoplimit) {
+ log(LOG_ERR, "RA with a lower CurHopLimit sent from "
+ "%s on %s (current = %d, received = %d). "
+ "Ignored.\n", ip6_sprintf(ip6bufs, &ip6->ip6_src),
+ if_name(ifp), ndi->chlim, nd_ra->nd_ra_curhoplimit);
+ }
+ }
dr = defrtrlist_update(&dr0);
}
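Review bot: The new `log(LOG_ERR, ...)` call in the `else if` branch runs once for every received RA whose CurHopLimit is below `ndi->chlim`, with no rate limit, so the on-link sender this check defends against can fill the kernel log at packet rate. Guarding the call with a per-second limiter, for example `if (ppsratecheck(&lasttime, &curpps, 1))` over two static variables, would keep the attempt visible without that cost. The branch also deserves a comment such as `/* Only raise chlim from an RA; a lower value is ignored (FreeBSD-SA-15:09.nd6). */`, because the side effect that a legitimate router can no longer lower the hop limit is not obvious from the code. The body of nd6_ra_input starts and ends outside the hunk.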