Package: libndp / 1.4-2+deb8u1

Metadata

Package: libndp
Version: 1.4-2+deb8u1
Patches format: 3.0 (quilt)

Patch series

Patch File delta Description
0001 ndptool support kfreebsd by avoiding signalfd.patch

utils/ndptool.c | 68 31 + 37 - 0 !
1 file changed, 31 insertions(+), 37 deletions(-)

 ndptool: support kfreebsd by avoiding signalfd

signalfd() is Linux-specific.  By using conventional signal handlers
instead, ndptool will compile on non-Linux systems such as GNU/kFreeBSD.

0001 libndp validate the IPv6 hop limit.patch

libndp/libndp.c | 49 39 + 10 - 0 !
1 file changed, 39 insertions(+), 10 deletions(-)

 [patch 1/2] libndp: validate the ipv6 hop limit

None of the NDP messages should ever come from a non-local network; as
stated in RFC4861's 6.1.1 (RS), 6.1.2 (RA), 7.1.1 (NS), 7.1.2 (NA),
and 8.1. (redirect):

  - The IP Hop Limit field has a value of 255, i.e., the packet
    could not possibly have been forwarded by a router.

This fixes CVE-2016-3698.

Reported by: Julien BERNARD <julien.bernard@viagenie.ca>
Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>

0002 libndb reject redirect and router advertisements fro.patch

libndp/libndp.c | 14 13 + 1 - 0 !
1 file changed, 13 insertions(+), 1 deletion(-)

 [patch 2/2] libndb: reject redirect and router advertisements from
 non-link-local

RFC4861 suggests that these messages should only originate from
link-local addresses in 6.1.2 (RA) and 8.1. (redirect):

Mitigates CVE-2016-3698.

Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>

0003 fixup libndp validate the IPv6 hop limit.patch

libndp/libndp.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 [patch] fixup! libndp: validate the ipv6 hop limit

Actually allocate space for the hop limit.
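
The two checks described in the CVE-2016-3698 patches above (hop limit of 255 for every NDP message, link-local source for router advertisements and redirects), together with the ancillary-data buffer the fixup refers to, as an added example that is not libndp's own code. The helper names are hypothetical, the msghdr is constructed rather than received from a socket, and dropping a message that arrives without a hop limit record is an assumption of this sketch.

```c
#include <stdint.h>
#include <string.h>
#include <arpa/inet.h>
#include <netinet/icmp6.h>
#include <netinet/in.h>
#include <sys/socket.h>

/* Hop limit from the IPV6_HOPLIMIT ancillary record, or -1 if none arrived
 * (for example because the control buffer had no room for it). */
static int hoplimit_from_cmsg(struct msghdr *mh)
{
    for (struct cmsghdr *c = CMSG_FIRSTHDR(mh); c; c = CMSG_NXTHDR(mh, c)) {
        if (c->cmsg_level == IPPROTO_IPV6 && c->cmsg_type == IPV6_HOPLIMIT &&
            c->cmsg_len >= CMSG_LEN(sizeof(int))) {
            int hl;
            memcpy(&hl, CMSG_DATA(c), sizeof(hl));
            return hl;
        }
    }
    return -1;
}

/* 1 = process, 0 = drop. Hypothetical helper, not a libndp function. */
static int ndp_msg_acceptable(uint8_t type, const struct in6_addr *src, int hl)
{
    if (hl != 255) return 0;            /* forwarded, or hop limit unknown */
    if ((type == ND_ROUTER_ADVERT || type == ND_REDIRECT) &&
        !IN6_IS_ADDR_LINKLOCAL(src)) return 0;  /* RA/redirect: link-local only */
    return 1;
}

/* Constructed input: fakes what recvmsg() would fill in; hl < 0 = no record. */
static int demo_check(uint8_t type, const char *src_text, int hl)
{
    /* Control buffer sized with CMSG_SPACE so one int-sized record fits. */
    union { char buf[CMSG_SPACE(sizeof(int))]; struct cmsghdr align; } ctl;
    struct msghdr mh = { .msg_control = ctl.buf,
                         .msg_controllen = hl >= 0 ? sizeof(ctl.buf) : 0 };
    struct in6_addr src;
    memset(&ctl, 0, sizeof(ctl));
    if (inet_pton(AF_INET6, src_text, &src) != 1) return 0;
    if (hl >= 0) {
        struct cmsghdr *c = CMSG_FIRSTHDR(&mh);
        c->cmsg_level = IPPROTO_IPV6;
        c->cmsg_type = IPV6_HOPLIMIT;
        c->cmsg_len = CMSG_LEN(sizeof(int));
        memcpy(CMSG_DATA(c), &hl, sizeof(hl));
    }
    return ndp_msg_acceptable(type, &src, hoplimit_from_cmsg(&mh));
}

int main(void) { return demo_check(ND_ROUTER_ADVERT, "fe80::1", 255) ? 0 : 1; }
```

On a real socket the hop limit record is only delivered after enabling `IPV6_RECVHOPLIMIT` with `setsockopt()`, and `msg_controllen` must cover every ancillary record requested.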