summaryrefslogtreecommitdiff
path: root/net/bridge/br_stp_if.c
diff options
context:
space:
mode:
authorIdo Schimmel <idosch@mellanox.com>2020-06-01 15:58:54 +0300
committerDavid S. Miller <davem@davemloft.net>2020-06-01 11:08:41 -0700
commit53fc685243bd6fb90d90305cea54598b78d3cbfc (patch)
tree1ed1493cf2db8509b8ff0461c69a0b9135752613 /net/bridge/br_stp_if.c
parentdafe2078a75af1abe4780313ef8dd8491ba8598f (diff)
downloadlinux-riscv-53fc685243bd6fb90d90305cea54598b78d3cbfc.tar.gz
linux-riscv-53fc685243bd6fb90d90305cea54598b78d3cbfc.tar.bz2
linux-riscv-53fc685243bd6fb90d90305cea54598b78d3cbfc.zip
bridge: Avoid infinite loop when suppressing NS messages with invalid options
When neighbor suppression is enabled the bridge device might reply to Neighbor Solicitation (NS) messages on behalf of remote hosts. In case the NS message includes the "Source link-layer address" option [1], the bridge device will use the specified address as the link-layer destination address in its reply. To avoid an infinite loop, break out of the options parsing loop when encountering an option with length zero and disregard the NS message. This is consistent with the IPv6 ndisc code and RFC 4886 which states that "Nodes MUST silently discard an ND packet that contains an option with length zero" [2]. [1] https://tools.ietf.org/html/rfc4861#section-4.3 [2] https://tools.ietf.org/html/rfc4861#section-4.6 Fixes: ed842faeb2bd ("bridge: suppress nd pkts on BR_NEIGH_SUPPRESS ports") Signed-off-by: Ido Schimmel <idosch@mellanox.com> Reported-by: Alla Segal <allas@mellanox.com> Tested-by: Alla Segal <allas@mellanox.com> Acked-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/bridge/br_stp_if.c')
0 files changed, 0 insertions, 0 deletions