e65ff3b72a
Cherry-picked from upstream. Also applied a fix for the CPUShares configuration option while I'm at it. CVE-2013-4327
37 lines
1.3 KiB
Diff
37 lines
1.3 KiB
Diff
From f0c362873860526579bf9bda216005fd5a0936dd Mon Sep 17 00:00:00 2001
|
|
From: Eelco Dolstra <eelco.dolstra@logicblox.com>
|
|
Date: Mon, 4 Feb 2013 12:41:14 +0100
|
|
Subject: [PATCH 07/11] Ignore IPv6 link-local addresses
|
|
|
|
Returning IPv6 link-local addresses is a bad idea, because they only
|
|
work if an application connects specifically over the corresponding
|
|
interface. So you get errors like:
|
|
|
|
$ curl -6 http://my-machine/
|
|
curl: (7) Failed to connect to fe80::d6be:d9ff:fe1b:8477: Invalid argument
|
|
|
|
To prevent this, this patch filters out link-local addresses. So if
|
|
you don't have a routable IPv6 address, nss-myhostname will fall back
|
|
to returning ::1.
|
|
---
|
|
src/nss-myhostname/netlink.c | 4 ++++
|
|
1 file changed, 4 insertions(+)
|
|
|
|
diff --git a/src/nss-myhostname/netlink.c b/src/nss-myhostname/netlink.c
|
|
index b1ef912..4f2ab5c 100644
|
|
--- a/src/nss-myhostname/netlink.c
|
|
+++ b/src/nss-myhostname/netlink.c
|
|
@@ -113,6 +113,10 @@ static int read_reply(int fd, struct address **list, unsigned *n_list) {
|
|
ifaddrmsg->ifa_scope == RT_SCOPE_NOWHERE)
|
|
continue;
|
|
|
|
+ if (ifaddrmsg->ifa_family == AF_INET6 &&
|
|
+ ifaddrmsg->ifa_scope == RT_SCOPE_LINK)
|
|
+ continue;
|
|
+
|
|
if (ifaddrmsg->ifa_flags & IFA_F_DEPRECATED)
|
|
continue;
|
|
|
|
--
|
|
1.8.3.4
|
|
|