diff options
| author | Michael Bestas <mkbestas@lineageos.org> | 2021-04-19 18:56:01 +0300 |
|---|---|---|
| committer | Michael Bestas <mkbestas@lineageos.org> | 2021-04-19 18:56:01 +0300 |
| commit | f3d4e7ef44f14e433312bc0646ea996d8c8756bf (patch) | |
| tree | 78f6dc67808364d9ad3eae5e4c323a668bb6fadc /net/ipv6 | |
| parent | db1bf2b55b337174e62637e6c23b45f166bdc14e (diff) | |
| parent | f5978a07daf67b25d101caa42ab3b18f0edf3dde (diff) | |
Merge branch 'android-4.4-p' of https://android.googlesource.com/kernel/common into lineage-18.1-caf-msm8998
This brings LA.UM.9.2.r1-02700-SDMxx0.0 up to date with
https://android.googlesource.com/kernel/common/ android-4.4-p at commit:
f5978a07daf67 Merge 4.4.267 into android-4.4-p
Conflicts:
arch/alpha/include/asm/Kbuild
drivers/mmc/core/mmc.c
drivers/usb/gadget/configfs.c
Change-Id: I978d923e97c18f284edbd32c0c19ac70002f7d83
Diffstat (limited to 'net/ipv6')
| -rw-r--r-- | net/ipv6/ip6_input.c | 10 | ||||
| -rw-r--r-- | net/ipv6/netfilter/ip6_tables.c | 2 | ||||
| -rw-r--r-- | net/ipv6/route.c | 8 | ||||
| -rw-r--r-- | net/ipv6/tcp_ipv6.c | 5 |
4 files changed, 12 insertions, 13 deletions
diff --git a/net/ipv6/ip6_input.c b/net/ipv6/ip6_input.c index 0089407f5ebf..31ac3c56da4b 100644 --- a/net/ipv6/ip6_input.c +++ b/net/ipv6/ip6_input.c @@ -161,16 +161,6 @@ int ipv6_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt if (ipv6_addr_is_multicast(&hdr->saddr)) goto err; - /* While RFC4291 is not explicit about v4mapped addresses - * in IPv6 headers, it seems clear linux dual-stack - * model can not deal properly with these. - * Security models could be fooled by ::ffff:127.0.0.1 for example. - * - * https://tools.ietf.org/html/draft-itojun-v6ops-v4mapped-harmful-02 - */ - if (ipv6_addr_v4mapped(&hdr->saddr)) - goto err; - skb->transport_header = skb->network_header + sizeof(*hdr); IP6CB(skb)->nhoff = offsetof(struct ipv6hdr, nexthdr); diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c index 0d2b321932c7..bd75bf199e1d 100644 --- a/net/ipv6/netfilter/ip6_tables.c +++ b/net/ipv6/netfilter/ip6_tables.c @@ -1612,6 +1612,8 @@ translate_compat_table(struct net *net, if (!newinfo) goto out_unlock; + memset(newinfo->entries, 0, size); + newinfo->number = compatr->num_entries; for (i = 0; i < NF_INET_NUMHOOKS; i++) { newinfo->hook_entry[i] = compatr->hook_entry[i]; diff --git a/net/ipv6/route.c b/net/ipv6/route.c index ee43d46452a8..fd58f7feec8a 100644 --- a/net/ipv6/route.c +++ b/net/ipv6/route.c @@ -2977,9 +2977,11 @@ static int ip6_route_multipath_add(struct fib6_config *cfg) * nexthops have been replaced by first new, the rest should * be added to it. */ - cfg->fc_nlinfo.nlh->nlmsg_flags &= ~(NLM_F_EXCL | - NLM_F_REPLACE); - cfg->fc_nlinfo.nlh->nlmsg_flags |= NLM_F_CREATE; + if (cfg->fc_nlinfo.nlh) { + cfg->fc_nlinfo.nlh->nlmsg_flags &= ~(NLM_F_EXCL | + NLM_F_REPLACE); + cfg->fc_nlinfo.nlh->nlmsg_flags |= NLM_F_CREATE; + } nhn++; } diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c index ae5a5d06c218..84cce21d7ce3 100644 --- a/net/ipv6/tcp_ipv6.c +++ b/net/ipv6/tcp_ipv6.c @@ -980,6 +980,11 @@ static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb) if (!ipv6_unicast_destination(skb)) goto drop; + if (ipv6_addr_v4mapped(&ipv6_hdr(skb)->saddr)) { + IP6_INC_STATS_BH(sock_net(sk), NULL, IPSTATS_MIB_INHDRERRORS); + return 0; + } + return tcp_conn_request(&tcp6_request_sock_ops, &tcp_request_sock_ipv6_ops, sk, skb); |