linux/net/ipv6
Arnaud Ebalard d9a9dc66eb IPv6: fix CoA check in RH2 input handler (mip6_rthdr_input())
The input handler for Type 2 Routing Header (mip6_rthdr_input())
checks if the CoA in the packet matches the CoA in the XFRM state.

Current check is buggy: it compares the address in the Type 2
Routing Header, i.e. the HoA, against the expected CoA in the state.
The comparison should be made against the address in the destination
field of the IPv6 header.

The bug remained unnoticed because the main (and possibly only current)
user of the code (UMIP MIPv6 Daemon) initializes the XFRM state with the
unspecified address, i.e. explicitly allows everything.

Yoshifuji-san, can you ack that one?

Signed-off-by: Arnaud Ebalard <arno@natisbad.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2010-07-18 15:04:33 -07:00
netfilter netfilter: ip6t_REJECT: fix a dst leak in ipv6 REJECT 2010-07-02 10:05:01 +02:00
addrconf_core.c ipv6: Remove IPV6_ADDR_RESERVED 2010-02-26 03:59:07 -08:00
addrconf.c ipv6: Never schedule DAD timer on dead address 2010-05-18 15:56:06 -07:00
addrlabel.c ipv6 addrlabel: permit deletion of labels assigned to removed dev 2010-05-17 17:08:08 -07:00
af_inet6.c Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2010-05-12 00:05:35 -07:00
ah6.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
anycast.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
datagram.c Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2010-05-12 00:05:35 -07:00
esp6.c xfrm: SA lookups signature with mark 2010-02-22 16:20:22 -08:00
exthdrs_core.c
exthdrs.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
fib6_rules.c net: rtnetlink: decouple rtnetlink address families from real address families 2010-04-26 16:13:54 +02:00
icmp.c ipv6: fix ICMP6_MIB_OUTERRORS 2010-06-09 18:39:27 -07:00
inet6_connection_sock.c Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2010-05-02 22:02:06 -07:00
inet6_hashtables.c tcp: Fix a connect() race with timewait sockets 2009-12-08 20:17:51 -08:00
ip6_fib.c net: Fix various endianness glitches 2010-04-20 19:06:52 -07:00
ip6_flowlabel.c IPv6: Add dontfrag argument to relevant functions 2010-04-23 23:35:28 -07:00
ip6_input.c Merge branch 'master' of /repos/git/net-next-2.6 2010-04-20 16:02:01 +02:00
ip6_output.c ipv6: Add GSO support on forwarding path 2010-05-28 01:57:17 -07:00
ip6_tunnel.c net: Introduce skb_tunnel_rx() helper 2010-05-17 22:36:55 -07:00
ip6mr.c ipmr: dont corrupt lists 2010-06-07 02:57:14 -07:00
ipcomp6.c xfrm: SA lookups signature with mark 2010-02-22 16:20:22 -08:00
ipv6_sockglue.c IPv6: Add dontfrag argument to relevant functions 2010-04-23 23:35:28 -07:00
Kconfig ipv6: ip6mr: support multiple tables 2010-05-11 14:40:55 +02:00
Makefile [IPV6] MROUTE: Support multicast forwarding. 2008-04-05 22:33:38 +09:00
mcast.c ipv6: avoid high order allocations 2010-06-05 03:03:30 -07:00
mip6.c IPv6: fix CoA check in RH2 input handler (mip6_rthdr_input()) 2010-07-18 15:04:33 -07:00
ndisc.c ipv6: fix NULL reference in proxy neighbor discovery 2010-06-25 21:16:57 -07:00
netfilter.c netfilter: ipv6: move xfrm_lookup at end of ip6_route_me_harder 2010-04-15 12:37:18 +02:00
proc.c net: Remove unnecessary returns from void function()s 2010-05-17 23:23:14 -07:00
protocol.c net: constify struct inet6_protocol 2009-09-14 17:03:05 -07:00
raw.c Merge branch 'master' of /repos/git/net-next-2.6 2010-05-10 18:39:28 +02:00
reassembly.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
route.c IPv6: fix Mobile IPv6 regression 2010-05-28 23:02:35 -07:00
sit.c net: Introduce skb_tunnel_rx() helper 2010-05-17 22:36:55 -07:00
syncookies.c net: Add rtnetlink init_rcvwnd to set the TCP initial receive window 2009-12-23 14:13:30 -08:00
sysctl_net_ipv6.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
tcp_ipv6.c net: Introduce sk_route_nocaps 2010-05-16 00:36:33 -07:00
tunnel6.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
udp_impl.h net: Make setsockopt() optlen be unsigned. 2009-09-30 16:12:20 -07:00
udp.c net: sock_queue_err_skb() dont mess with sk_forward_alloc 2010-05-31 23:44:05 -07:00
udplite.c net: spread __net_init, __net_exit 2010-01-17 19:16:02 -08:00
xfrm6_input.c netfilter: ipv6: use NFPROTO values for NF_HOOK invocation 2010-03-25 16:00:49 +01:00
xfrm6_mode_beet.c ipsec: Interfamily IPSec BEET, ipv4-inner ipv6-outer 2008-08-06 02:40:25 -07:00
xfrm6_mode_ro.c [IPSEC]: Make x->lastused an unsigned long 2008-01-28 14:53:52 -08:00
xfrm6_mode_transport.c [IPSEC]: Use IPv6 calling convention as the convention for x->mode->output 2007-10-10 16:55:54 -07:00
xfrm6_mode_tunnel.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
xfrm6_output.c netfilter: ipv6: use NFPROTO values for NF_HOOK invocation 2010-03-25 16:00:49 +01:00
xfrm6_policy.c xfrm: fix xfrm by MARK logic 2010-07-04 11:46:07 -07:00
xfrm6_state.c ipv6: fix sparse warning: Using plain integer as NULL pointer 2009-02-21 23:37:10 -08:00
xfrm6_tunnel.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00