net/ipv6: allow any source address for sendmsg pktinfo with ip_nonloc…

…al_bind When freebind feature is set of an IPv6 socket, any source address can be used when sending UDP datagrams using IPv6 PKTINFO ancillary message. Global non-local bind feature was added in commit 35a256f ("ipv6: Nonlocal bind") for IPv6. This commit also allows IPv6 source address spoofing when non-local bind feature is enabled. Signed-off-by: Vincent Bernat <vincent@bernat.im> Signed-off-by: David S. Miller <davem@davemloft.net>
mariux64 · Jul 29, 2018 · d0c1f01 · d0c1f01
1 parent 41627cd
commit d0c1f01
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/net/ipv6/datagram.c b/net/ipv6/datagram.c
@@ -803,7 +803,8 @@ int ip6_datagram_send_ctl(struct net *net, struct sock *sk,
 
 			if (addr_type != IPV6_ADDR_ANY) {
 				int strict = __ipv6_addr_src_scope(addr_type) <= IPV6_ADDR_SCOPE_LINKLOCAL;
-				if (!(inet_sk(sk)->freebind || inet_sk(sk)->transparent) &&
+				if (!(net->ipv6.sysctl.ip_nonlocal_bind ||
+				      inet_sk(sk)->freebind || inet_sk(sk)->transparent) &&
 				    !ipv6_chk_addr_and_flags(net, &src_info->ipi6_addr,
 							     dev, !strict, 0,
 							     IFA_F_TENTATIVE) &&