Fix possible IPv6 spoofing
authorfendo <fendo@bi12info.com>
Sun, 17 Mar 2013 19:14:05 +0000 (20:14 +0100)
committerfendo <fendo@bi12info.com>
Sun, 17 Mar 2013 19:14:05 +0000 (20:14 +0100)
ppp.c

diff --git a/ppp.c b/ppp.c
index 893ceb9..bd70e4d 100644 (file)
--- a/ppp.c
+++ b/ppp.c
@@ -2244,7 +2244,7 @@ void processipv6in(sessionidt s, tunnelidt t, uint8_t *p, uint16_t l)
                return;
 
        // no spoof
                return;
 
        // no spoof
-       if (ipv4 != session[s].ip && memcmp(&config->ipv6_prefix, &ip, 8) && sessionbyipv6(ip) != s)
+       if ((ipv4 != session[s].ip || memcmp(&config->ipv6_prefix, &ip, 8)) && sessionbyipv6(ip) != s)
        {
                char str[INET6_ADDRSTRLEN];
                LOG(5, s, t, "Dropping packet with spoofed IP %s\n",
        {
                char str[INET6_ADDRSTRLEN];
                LOG(5, s, t, "Dropping packet with spoofed IP %s\n",