be paranoid about malicious use of v4 mapped addr on v6 packet.

malicious party may try to use v4 mapped addr as source/dest to confuse tcp/udp layer, or to bypass security checks, for example, naive stack can mistakingly think a packet with src = ::ffff:127.0.0.1 is from local node. (sync with kame)
author: itojun <itojun@openbsd.org> 1999-12-21 15:41:07 +0000
committer: itojun <itojun@openbsd.org> 1999-12-21 15:41:07 +0000
commit: e22543b469bbe9aa998f66c3273f52b01184c1fc (patch)
tree: 9d348f7512bf6a0fc71e19452b597b042d71329f /sys/netinet/tcp_input.c
parent: enable SACK again (diff)
download: wireguard-openbsd-e22543b469bbe9aa998f66c3273f52b01184c1fc.tar.xz
wireguard-openbsd-e22543b469bbe9aa998f66c3273f52b01184c1fc.zip
1 files changed, 8 insertions, 1 deletions
diff --git a/sys/netinet/tcp_input.c b/sys/netinet/tcp_input.c
index f4195de21a1..81362ad1b37 100644
--- a/sys/netinet/tcp_input.c
+++ b/sys/netinet/tcp_input.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: tcp_input.c,v 1.54 1999/12/15 16:37:20 provos Exp $	*/
+/*	$OpenBSD: tcp_input.c,v 1.55 1999/12/21 15:41:07 itojun Exp $	*/
 /*	$NetBSD: tcp_input.c,v 1.23 1996/02/13 23:43:44 christos Exp $	*/
 
 /*
@@ -489,6 +489,13 @@ tcp_input(m, va_alist)
 	  ti = NULL;
 	  ipv6 = mtod(m, struct ip6_hdr *);
 
+		/* Be proactive about malicious use of IPv4 mapped address */
+		if (IN6_IS_ADDR_V4MAPPED(&ipv6->ip6_src) ||
+		    IN6_IS_ADDR_V4MAPPED(&ipv6->ip6_dst)) {
+			/* XXX stat */
+			goto drop;
+		}
+
 	  if (in6_cksum(m, IPPROTO_TCP, sizeof(struct ip6_hdr), tlen)) {
 	    tcpstat.tcps_rcvbadsum++;
 	    goto drop;
author	itojun <itojun@openbsd.org>	1999-12-21 15:41:07 +0000
committer	itojun <itojun@openbsd.org>	1999-12-21 15:41:07 +0000
commit	e22543b469bbe9aa998f66c3273f52b01184c1fc (patch)
tree	9d348f7512bf6a0fc71e19452b597b042d71329f /sys/netinet/tcp_input.c
parent	enable SACK again (diff)
download	wireguard-openbsd-e22543b469bbe9aa998f66c3273f52b01184c1fc.tar.xz wireguard-openbsd-e22543b469bbe9aa998f66c3273f52b01184c1fc.zip