From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Fri, 2 Nov 2018 08:39:13 +0000 (+0100)
Subject: 4.19-stable patches
X-Git-Tag: v4.19.1~17
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=c8805fd2ff7bde9f0c7f78a6a254f2cbd85b8d5e;p=thirdparty%2Fkernel%2Fstable-queue.git

4.19-stable patches

added patches:
	net-bridge-remove-ipv6-zero-address-check-in-mcast-queries.patch
---

diff --git a/queue-4.19/net-bridge-remove-ipv6-zero-address-check-in-mcast-queries.patch b/queue-4.19/net-bridge-remove-ipv6-zero-address-check-in-mcast-queries.patch
new file mode 100644
index 00000000000..77619329de6
--- /dev/null
+++ b/queue-4.19/net-bridge-remove-ipv6-zero-address-check-in-mcast-queries.patch
@@ -0,0 +1,47 @@
+From 0fe5119e267f3e3d8ac206895f5922195ec55a8a Mon Sep 17 00:00:00 2001
+From: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
+Date: Sat, 27 Oct 2018 12:07:47 +0300
+Subject: net: bridge: remove ipv6 zero address check in mcast queries
+
+From: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
+
+commit 0fe5119e267f3e3d8ac206895f5922195ec55a8a upstream.
+
+Recently a check was added which prevents marking of routers with zero
+source address, but for IPv6 that cannot happen as the relevant RFCs
+actually forbid such packets:
+RFC 2710 (MLDv1):
+"To be valid, the Query message MUST
+ come from a link-local IPv6 Source Address, be at least 24 octets
+ long, and have a correct MLD checksum."
+
+Same goes for RFC 3810.
+
+And also it can be seen as a requirement in ipv6_mc_check_mld_query()
+which is used by the bridge to validate the message before processing
+it. Thus any queries with :: source address won't be processed anyway.
+So just remove the check for zero IPv6 source address from the query
+processing function.
+
+Fixes: 5a2de63fd1a5 ("bridge: do not add port to router list when receives query with source 0.0.0.0")
+Signed-off-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Cc: Hangbin Liu <liuhangbin@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/bridge/br_multicast.c |    3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+--- a/net/bridge/br_multicast.c
++++ b/net/bridge/br_multicast.c
+@@ -1426,8 +1426,7 @@ static void br_multicast_query_received(
+ 	 * is 0.0.0.0 should not be added to router port list.
+ 	 */
+ 	if ((saddr->proto == htons(ETH_P_IP) && saddr->u.ip4) ||
+-	    (saddr->proto == htons(ETH_P_IPV6) &&
+-	     !ipv6_addr_any(&saddr->u.ip6)))
++	    saddr->proto == htons(ETH_P_IPV6))
+ 		br_multicast_mark_router(br, port);
+ }
+ 
diff --git a/queue-4.19/series b/queue-4.19/series
index 2ad0a252a14..30220d7adaa 100644
--- a/queue-4.19/series
+++ b/queue-4.19/series
@@ -21,3 +21,4 @@ sctp-check-policy-more-carefully-when-getting-pr-status.patch
 sparc64-export-__node_distance.patch
 sparc64-make-corrupted-user-stacks-more-debuggable.patch
 sparc64-wire-up-compat-getpeername-and-getsockname.patch
+net-bridge-remove-ipv6-zero-address-check-in-mcast-queries.patch