d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Mitigate Local Denial of Service with IPv6 Router Advertisements

Browse Source 
and log attack attempts.

Submitted by:	hrs
Security:	FreeBSD-SA-15:09.nd6
Security:	CVE-2015-2923
This commit is contained in:
Xin LI 2015-04-07 20:20:09 +00:00
parent edc76c95db
commit dd3856601d
1 changed files with 10 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
sys/netinet6/nd6_rtr.c
View File

@ -297,8 +297,16 @@ nd6_ra_input(struct mbuf *m, int off, int icmp6len)
}
if (nd_ra->nd_ra_retransmit)
ndi->retrans = ntohl(nd_ra->nd_ra_retransmit);
if (nd_ra->nd_ra_curhoplimit)
ndi->chlim = nd_ra->nd_ra_curhoplimit;
if (nd_ra->nd_ra_curhoplimit) {
if (ndi->chlim < nd_ra->nd_ra_curhoplimit)
ndi->chlim = nd_ra->nd_ra_curhoplimit;
else if (ndi->chlim != nd_ra->nd_ra_curhoplimit) {
log(LOG_ERR, "RA with a lower CurHopLimit sent from "
"%s on %s (current = %d, received = %d). "
"Ignored.\n", ip6_sprintf(ip6bufs, &ip6->ip6_src),
if_name(ifp), ndi->chlim, nd_ra->nd_ra_curhoplimit);
}
}
dr = defrtrlist_update(&dr0);
}