ipv6: Do not forward packets with the unspecified source address.

RFC4291 2.5.2. Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
mariux64 · Jul 3, 2008 · f81b2e7 · f81b2e7
1 parent d68b827
commit f81b2e7
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
@@ -498,7 +498,8 @@ int ip6_forward(struct sk_buff *skb)
 		int addrtype = ipv6_addr_type(&hdr->saddr);
 
 		/* This check is security critical. */
-		if (addrtype & (IPV6_ADDR_MULTICAST|IPV6_ADDR_LOOPBACK))
+		if (addrtype == IPV6_ADDR_ANY ||
+		    addrtype & (IPV6_ADDR_MULTICAST | IPV6_ADDR_LOOPBACK))
 			goto error;
 		if (addrtype & IPV6_ADDR_LINKLOCAL) {
 			icmpv6_send(skb, ICMPV6_DEST_UNREACH,