michaelh/zephyr
1
0
Fork 0
Code Releases Activity

net: ipv6: Do not add same prefix multiple times to timer list

Browse source 
Make sure that we do not add same IPv6 prefix, received from RA,
multiple times to prefix timer list. This avoids possible
denial-of-service issue if we receive suitably crafted RA packet.

Fixes #25698

Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
This commit is contained in:
Jukka Rissanen 2020-05-28 14:33:00 +03:00 committed by Carles Cufí
commit 71686dde4b
1 changed files with 2 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

2
subsys/net/ip/net_if.c
View file

@ -1921,6 +1921,8 @@ static void prefix_start_timer(struct net_if_ipv6_prefix *ifprefix,
{
u64_t expire_timeout = (u64_t)MSEC_PER_SEC * (u64_t)lifetime;
(void)sys_slist_find_and_remove(&active_prefix_lifetime_timers,
&ifprefix->lifetime.node);
sys_slist_append(&active_prefix_lifetime_timers,
&ifprefix->lifetime.node);