Should apply to git.linux-ipv6.org/gitroot/mipv6-daemon.git c4a8e574785794dcc9022f8f39f087999c5f8f41 diff -ruN mipv6-daemon.orig/src/ha.c mipv6-daemon/src/ha.c --- mipv6-daemon.orig/src/ha.c 2010-07-06 14:50:34.000000000 +0200 +++ mipv6-daemon/src/ha.c 2010-07-06 14:53:00.000000000 +0200 @@ -104,6 +104,8 @@ if (opt[0] == ND_OPT_PREFIX_INFORMATION) { struct nd_opt_prefix_info *p; + if (olen < sizeof(struct nd_opt_prefix_info)) + return; p = (struct nd_opt_prefix_info *)opt; if (p->nd_opt_pi_prefix_len > 128) return; @@ -117,6 +119,8 @@ } else if (opt[0] == ND_OPT_HOME_AGENT_INFO && ra->nd_ra_flags_reserved & ND_RA_FLAG_HOME_AGENT) { struct nd_opt_homeagent_info *hainfo; + if (olen < sizeof(struct nd_opt_homeagent_info)) + return; hainfo = (struct nd_opt_homeagent_info *)opt; pref = ntohs(hainfo->nd_opt_hai_preference); life = ntohs(hainfo->nd_opt_hai_lifetime); diff -ruN mipv6-daemon.orig/src/mn.c mipv6-daemon/src/mn.c --- mipv6-daemon.orig/src/mn.c 2010-07-06 14:50:34.000000000 +0200 +++ mipv6-daemon/src/mn.c 2010-07-06 14:54:12.000000000 +0200 @@ -1646,9 +1646,10 @@ iif = pkt_info.ipi6_ifindex; na = (struct nd_neighbor_advert *)msg; - if (iif != ifindex || - hoplimit < 255 || na->nd_na_code != 0 || - len < sizeof(struct nd_neighbor_advert) || + if (iif != ifindex || + hoplimit < 255 || + len < sizeof(struct nd_neighbor_advert) || + na->nd_na_code != 0 || IN6_IS_ADDR_MULTICAST(&na->nd_na_target) || (na->nd_na_flags_reserved & ND_NA_FLAG_SOLICITED && IN6_IS_ADDR_MULTICAST(daddr))) diff -ruN mipv6-daemon.orig/src/movement.c mipv6-daemon/src/movement.c --- mipv6-daemon.orig/src/movement.c 2010-07-06 14:50:34.000000000 +0200 +++ mipv6-daemon/src/movement.c 2010-07-06 14:56:44.000000000 +0200 @@ -818,6 +818,11 @@ struct nlmsghdr *n, void *arg) { pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, NULL); + + /* only accept messages from kernel */ + if (who->nl_pid) + goto out; + switch (n->nlmsg_type) { case RTM_NEWLINK: case RTM_DELLINK: @@ -837,6 +842,8 @@ /* To do: listen to changes in default and prefix routes(?) */ break; } + +out: pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, NULL); return 0; } diff -ruN mipv6-daemon.orig/src/xfrm.c mipv6-daemon/src/xfrm.c --- mipv6-daemon.orig/src/xfrm.c 2010-07-06 14:50:34.000000000 +0200 +++ mipv6-daemon/src/xfrm.c 2010-07-06 14:57:38.000000000 +0200 @@ -1939,6 +1939,11 @@ static int xfrm_rcv(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg) { pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, NULL); + + /* only accept messages from kernel */ + if (who->nl_pid) + goto out; + switch (n->nlmsg_type) { case XFRM_MSG_ACQUIRE: /* Start RO or send BRR */ @@ -1949,6 +1954,9 @@ parse_report(n); break; } + + +out: pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, NULL); return 0; }