On Tue, May 07, 2013 at 09:16:25PM +0200, Stefan Bagdohn wrote: > Wasn't this check introduced as mitigation of CVE-2008-2476 five years ago? > E.g. http://ftp.openbsd.org/pub/OpenBSD/patches/4.4/common/001_ndp.patch
Right, thanks for pointing that out. Claudio added this check in 2008. RFC 4861 is older than that. I should have used cvs blame first. This issue definitely needs more thought.
