Merge release-20200928.0-59-g95cac27d0 (automated)

author: gVisor bot <gvisor-bot@google.com> 2020-10-06 23:20:34 +0000
committer: gVisor bot <gvisor-bot@google.com> 2020-10-06 23:20:34 +0000
commit: 059eb189ebd1b7154cd1dce2c5b51cb4b21b7cad (patch)
tree: 7b5d2efdf05ee25f535592d9a13880f2b8fb3f70 /pkg/tcpip/network/ipv6
parent: 3725e9f2322c41d8e2dd40686fe8abbf7a406068 (diff)
parent: 95cac27d0d1ca93610f1bea554e3eb67c8a907d7 (diff)
1 files changed, 11 insertions, 0 deletions
diff --git a/pkg/tcpip/network/ipv6/icmp.go b/pkg/tcpip/network/ipv6/icmp.go
index 8e9def6b8..629d1818e 100644
--- a/pkg/tcpip/network/ipv6/icmp.go
+++ b/pkg/tcpip/network/ipv6/icmp.go
@@ -286,6 +286,17 @@ func (e *endpoint) handleICMP(r *stack.Route, pkt *stack.PacketBuffer, hasFragme
 			e.linkAddrCache.AddLinkAddress(e.nic.ID(), r.RemoteAddress, sourceLinkAddr)
 		}
 
+		// As per RFC 4861 section 7.1.1:
+		//   A node MUST silently discard any received Neighbor Solicitation
+		//   messages that do not satisfy all of the following validity checks:
+		//    ...
+		//    - If the IP source address is the unspecified address, the IP
+		//      destination address is a solicited-node multicast address.
+		if unspecifiedSource && !header.IsSolicitedNodeAddr(r.LocalAddress) {
+			received.Invalid.Increment()
+			return
+		}
+
 		// ICMPv6 Neighbor Solicit messages are always sent to
 		// specially crafted IPv6 multicast addresses. As a result, the
 		// route we end up with here has as its LocalAddress such a
author	gVisor bot <gvisor-bot@google.com>	2020-10-06 23:20:34 +0000
committer	gVisor bot <gvisor-bot@google.com>	2020-10-06 23:20:34 +0000
commit	059eb189ebd1b7154cd1dce2c5b51cb4b21b7cad (patch)
tree	7b5d2efdf05ee25f535592d9a13880f2b8fb3f70 /pkg/tcpip/network/ipv6
parent	3725e9f2322c41d8e2dd40686fe8abbf7a406068 (diff)
parent	95cac27d0d1ca93610f1bea554e3eb67c8a907d7 (diff)