net/ipv6: allow any source address for sendmsg pktinfo with ip_nonlocal_bind
author: Vincent Bernat <vincent@bernat.im>
Wed, 25 Jul 2018 11:19:13 +0000 (13:19 +0200)
committer: David S. Miller <davem@davemloft.net>
Sun, 29 Jul 2018 19:27:13 +0000 (12:27 -0700)
When freebind feature is set on an IPv6 socket, any source address can
be used when sending UDP datagrams using IPv6 PKTINFO ancillary
message. Global non-local bind feature was added in commit
35a256fee52c ("ipv6: Nonlocal bind") for IPv6. This commit also allows
IPv6 source address spoofing when non-local bind feature is enabled.

Signed-off-by: Vincent Bernat <vincent@bernat.im>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/ipv6/datagram.c

index 5a094f58fe8a0a4a987be4a6518d624dffdd7797..f0264dfd38debf1ac5045a1bb0d18a736664b55f 100644 (file)
@@ -803,7 +803,8 @@ int ip6_datagram_send_ctl(struct net *net, struct sock *sk,
 
                        if (addr_type != IPV6_ADDR_ANY) {
                                int strict = __ipv6_addr_src_scope(addr_type) <= IPV6_ADDR_SCOPE_LINKLOCAL;
-                               if (!(inet_sk(sk)->freebind || inet_sk(sk)->transparent) &&
+                               if (!(net->ipv6.sysctl.ip_nonlocal_bind ||
+                                     inet_sk(sk)->freebind || inet_sk(sk)->transparent) &&
                                    !ipv6_chk_addr_and_flags(net, &src_info->ipi6_addr,
                                                             dev, !strict, 0,
                                                             IFA_F_TENTATIVE) &&
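Review bot: The new `net->ipv6.sysctl.ip_nonlocal_bind` term in the modified `if` is a namespace-wide switch, while the two flags it sits beside (`inet_sk(sk)->freebind`, `inet_sk(sk)->transparent`) are set per socket, so once the sysctl is on, every socket in the netns skips the `ipv6_chk_addr_and_flags()` ownership check for the `ipi6_addr` supplied in the PKTINFO ancillary message. An administrator who enabled the sysctl only to let services bind() before an address is configured may not expect it to also lift the source-address check on sendmsg; the sysctl's documentation should state this, and the commit message could say explicitly that the effect applies to all sockets in the namespace. As a style point, the three-way OR now spans two lines inside an already long condition; moving it into a small helper taking `net` and `inet_sk(sk)` would keep this test and the bind-time test from drifting apart.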