ipv6: protect protocols not handling ipv4 from v4 connection/bind attempts Some ipv6 protocols cannot handle ipv4 addresses, so we must not allow connecting and binding to them. sendmsg logic does already check msg->name for this but must trust already connected sockets which could be set up for connection to ipv4 address family. Per-socket flag ipv6only is of no use here, as it is under users control by setsockopt. Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org> Signed-off-by: David S. Miller <davem@davemloft.net>

commit: 82b276cd2b0bacd58e7c307bf8856925a68c4d14 [log] [tgz]
author: Hannes Frederic Sowa <hannes@stressinduktion.org> Mon Jan 20 05:16:39 2014 +0100
committer: David S. Miller <davem@davemloft.net> Tue Jan 21 16:59:19 2014 -0800
tree: ffc8648efa91f83f81c94ac83447dc5246a835cf
parent: 446fab59333dea91e54688f033dd8d788d0486fb [diff] [blame]
diff --git a/net/ipv6/raw.c b/net/ipv6/raw.c
index b452311..1f29996 100644
--- a/net/ipv6/raw.c
+++ b/net/ipv6/raw.c

@@ -250,6 +250,10 @@
 
 	if (addr_len < SIN6_LEN_RFC2133)
 		return -EINVAL;
+
+	if (addr->sin6_family != AF_INET6)
+		return -EINVAL;
+
 	addr_type = ipv6_addr_type(&addr->sin6_addr);
 
 	/* Raw sockets are IPv6 only */
@@ -1209,7 +1213,7 @@
 	.owner		   = THIS_MODULE,
 	.close		   = rawv6_close,
 	.destroy	   = raw6_destroy,
-	.connect	   = ip6_datagram_connect,
+	.connect	   = ip6_datagram_connect_v6_only,
 	.disconnect	   = udp_disconnect,
 	.ioctl		   = rawv6_ioctl,
 	.init		   = rawv6_init_sk,
commit	82b276cd2b0bacd58e7c307bf8856925a68c4d14	[log] [tgz]
author	Hannes Frederic Sowa <hannes@stressinduktion.org>	Mon Jan 20 05:16:39 2014 +0100
committer	David S. Miller <davem@davemloft.net>	Tue Jan 21 16:59:19 2014 -0800
tree	ffc8648efa91f83f81c94ac83447dc5246a835cf
parent	446fab59333dea91e54688f033dd8d788d0486fb [diff] [blame]