From bffa1c48895fbe8cb86ffe47420dc33d96aba121 Mon Sep 17 00:00:00 2001
From: Yu Watanabe
Date: Wed, 10 Apr 2024 15:36:59 +0900
Subject: [PATCH] sd-ndisc-redirect: fix verification of target address

See RFC 4861 section 8.1.
---
 src/libsystemd-network/sd-ndisc-redirect.c | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/src/libsystemd-network/sd-ndisc-redirect.c b/src/libsystemd-network/sd-ndisc-redirect.c
index 3e21b76fffe..a1fceb2dff3 100644
--- a/src/libsystemd-network/sd-ndisc-redirect.c
+++ b/src/libsystemd-network/sd-ndisc-redirect.c
@@ -55,14 +55,19 @@ int ndisc_redirect_parse(sd_ndisc *nd, sd_ndisc_redirect *rd) {
 rd->target_address = a->nd_rd_target;
 rd->destination_address = a->nd_rd_dst;
 
- if (in6_addr_is_null(&rd->target_address) || in6_addr_is_multicast(&rd->target_address))
- return log_ndisc_errno(nd, SYNTHETIC_ERRNO(EBADMSG),
- "Received Redirect message with an invalid target address, ignoring datagram: %m");
-
+ /* RFC 4861 section 8.1
+ * The ICMP Destination Address field in the redirect message does not contain a multicast address. */
 if (in6_addr_is_null(&rd->destination_address) || in6_addr_is_multicast(&rd->destination_address))
 return log_ndisc_errno(nd, SYNTHETIC_ERRNO(EBADMSG),
 "Received Redirect message with an invalid destination address, ignoring datagram: %m");
 
+ /* RFC 4861 section 8.1
+ * The ICMP Target Address is either a link-local address (when redirected to a router) or the same
+ * as the ICMP Destination Address (when redirected to the on-link destination). */
+ if (!in6_addr_is_link_local(&rd->target_address) && !in6_addr_equal(&rd->target_address, &rd->destination_address))
+ return log_ndisc_errno(nd, SYNTHETIC_ERRNO(EBADMSG),
+ "Received Redirect message with an invalid target address, ignoring datagram: %m");
+
 r = ndisc_parse_options(rd->packet, &rd->options);
 if (r < 0)
 return log_ndisc_errno(nd, r, "Failed to parse NDisc options in Redirect message, ignoring datagram: %m");
-- 
2.47.3
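Review bot: The new target-address check no longer rejects an unspecified or multicast target on its own; in the `in6_addr_equal()` branch it is only sound because the destination check above has already excluded those values. That ordering dependency is implicit, so a later reorder of the two `if` blocks would let a Redirect through whose target and destination are both `::` or both the same multicast address. I would extend the second comment with a line such as `* NOTE: must stay after the destination address check, which rules out null and multicast for the equal-to-destination case.` The first comment also names only multicast while the code rejects the null address too, so it could say `does not contain a null or multicast address`. `ndisc_redirect_parse()` starts and ends outside the hunk, so whether the other RFC 4861 section 8.1 checks (link-local source, hop limit 255, sender is the current first-hop router for the destination) are enforced cannot be judged from here.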