Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 24c69275 authored Dec 02, 2005 by David Stevens Committed by David S. Miller Dec 02, 2005

[IGMP]: workaround for IGMP v1/v2 bug

From: David Stevens <dlstevens@us.ibm.com>

As explained at:

	http://www.cs.ucsb.edu/~krishna/igmp_dos/



With IGMP version 1 and 2 it is possible to inject a unicast
report to a client which will make it ignore multicast
reports sent later by the router.

The fix is to only accept the report if is was sent to a
multicast or unicast address.

Signed-off-by: David S. Miller <davem@davemloft.net>

parent bf031fff

net/ipv4/igmp.c

+4 −1

Original line number	Diff line number	Diff line
		@@ -897,6 +897,9 @@ int igmp_rcv(struct sk_buff *skb)
		/* Is it our report looped back? */
		if (((struct rtable*)skb->dst)->fl.iif == 0)
		break;
		/* don't rely on MC router hearing unicast reports */
		if (skb->pkt_type == PACKET_MULTICAST \|\|
		skb->pkt_type == PACKET_BROADCAST)
		igmp_heard_report(in_dev, ih->group);
		break;
		case IGMP_PIM:

net/ipv6/mcast.c

+5 −0

Original line number	Diff line number	Diff line
		@@ -1231,6 +1231,11 @@ int igmp6_event_report(struct sk_buff *skb)
		if (skb->pkt_type == PACKET_LOOPBACK)
		return 0;

		/* send our report if the MC router may not have heard this report */
		if (skb->pkt_type != PACKET_MULTICAST &&
		skb->pkt_type != PACKET_BROADCAST)
		return 0;

		if (!pskb_may_pull(skb, sizeof(struct in6_addr)))
		return -EINVAL;