net/ipv6: allow any source address for sendmsg pktinfo with ip_nonlocal_bind

When freebind feature is set of an IPv6 socket, any source address can be used when sending UDP datagrams using IPv6 PKTINFO ancillary message. Global non-local bind feature was added in commit 35a256fee52c ("ipv6: Nonlocal bind") for IPv6. This commit also allows IPv6 source address spoofing when non-local bind feature is enabled. Signed-off-by: Vincent Bernat <vincent@bernat.im> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Vincent Bernat <vincent@bernat.im> 2018-07-25 13:19:13 +0200
committer: David S. Miller <davem@davemloft.net> 2018-07-29 12:27:13 -0700
commit: d0c1f01138c4b7e532889474e3f2a485546d7270 (patch)
tree: 60071af28fb43fb8f9e8d6d802f6a6165a246d33 /net/ipv6/datagram.c
parent: 41627cdb02cdff8cb92a498bc3bcbef8abe8a752 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/net/ipv6/datagram.c b/net/ipv6/datagram.c
index 5a094f58fe8a..f0264dfd38de 100644
--- a/net/ipv6/datagram.c
+++ b/net/ipv6/datagram.c
@@ -803,7 +803,8 @@ int ip6_datagram_send_ctl(struct net *net, struct sock *sk,
 
 			if (addr_type != IPV6_ADDR_ANY) {
 				int strict = __ipv6_addr_src_scope(addr_type) <= IPV6_ADDR_SCOPE_LINKLOCAL;
-				if (!(inet_sk(sk)->freebind || inet_sk(sk)->transparent) &&
+				if (!(net->ipv6.sysctl.ip_nonlocal_bind ||
+				      inet_sk(sk)->freebind || inet_sk(sk)->transparent) &&
 				    !ipv6_chk_addr_and_flags(net, &src_info->ipi6_addr,
 							     dev, !strict, 0,
 							     IFA_F_TENTATIVE) &&
author	Vincent Bernat <vincent@bernat.im>	2018-07-25 13:19:13 +0200
committer	David S. Miller <davem@davemloft.net>	2018-07-29 12:27:13 -0700
commit	d0c1f01138c4b7e532889474e3f2a485546d7270 (patch)
tree	60071af28fb43fb8f9e8d6d802f6a6165a246d33 /net/ipv6/datagram.c
parent	41627cdb02cdff8cb92a498bc3bcbef8abe8a752 (diff)