From: Yu Watanabe Date: Wed, 10 Apr 2024 06:36:59 +0000 (+0900) Subject: sd-ndisc-redirect: fix verification of target address X-Git-Tag: v256-rc1~219^2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bffa1c48895fbe8cb86ffe47420dc33d96aba121;p=thirdparty%2Fsystemd.git sd-ndisc-redirect: fix verification of target address See RFC 4861 section 8.1. --- diff --git a/src/libsystemd-network/sd-ndisc-redirect.c b/src/libsystemd-network/sd-ndisc-redirect.c index 3e21b76fffe..a1fceb2dff3 100644 --- a/src/libsystemd-network/sd-ndisc-redirect.c +++ b/src/libsystemd-network/sd-ndisc-redirect.c @@ -55,14 +55,19 @@ int ndisc_redirect_parse(sd_ndisc *nd, sd_ndisc_redirect *rd) { rd->target_address = a->nd_rd_target; rd->destination_address = a->nd_rd_dst; - if (in6_addr_is_null(&rd->target_address) || in6_addr_is_multicast(&rd->target_address)) - return log_ndisc_errno(nd, SYNTHETIC_ERRNO(EBADMSG), - "Received Redirect message with an invalid target address, ignoring datagram: %m"); - + /* RFC 4861 section 8.1 + * The ICMP Destination Address field in the redirect message does not contain a multicast address. */ if (in6_addr_is_null(&rd->destination_address) || in6_addr_is_multicast(&rd->destination_address)) return log_ndisc_errno(nd, SYNTHETIC_ERRNO(EBADMSG), "Received Redirect message with an invalid destination address, ignoring datagram: %m"); + /* RFC 4861 section 8.1 + * The ICMP Target Address is either a link-local address (when redirected to a router) or the same + * as the ICMP Destination Address (when redirected to the on-link destination). */ + if (!in6_addr_is_link_local(&rd->target_address) && !in6_addr_equal(&rd->target_address, &rd->destination_address)) + return log_ndisc_errno(nd, SYNTHETIC_ERRNO(EBADMSG), + "Received Redirect message with an invalid target address, ignoring datagram: %m"); + r = ndisc_parse_options(rd->packet, &rd->options); if (r < 0) return log_ndisc_errno(nd, r, "Failed to parse NDisc options in Redirect message, ignoring datagram: %m");