[Bug 285129] netinet(6)/route: uninitialized access of ifp->if_data in ip6_tryforward() with PPPoE/ng interface

Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Sat, 27 Sep 2025 15:15:07 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=285129

--- Comment #3 from commit-hook@FreeBSD.org ---
A commit in branch stable/14 references this bug:

URL:
https://cgit.FreeBSD.org/src/commit/?id=dc32441e3825a90027b61259c3c77ef6e213728a

commit dc32441e3825a90027b61259c3c77ef6e213728a
Author:     Zhenlei Huang <zlei@FreeBSD.org>
AuthorDate: 2025-09-03 19:16:40 +0000
Commit:     Zhenlei Huang <zlei@FreeBSD.org>
CommitDate: 2025-09-27 15:11:37 +0000

    ifnet: Defer detaching address family dependent data

    While diagnosing PR 279653 and PR 285129, I observed that thread may
    write to freed memory but the system does not crash. This hides the
    real problem. A clear NULL pointer derefence is much better than writing
    to freed memory.

    PR:     279653
    PR:     285129
    Reviewed by:    glebius
    MFC after:      3 weeks
    Differential Revision:  https://reviews.freebsd.org/D49444

    (cherry picked from commit b5c46895fdddcdb7dd1994598925d6989ea7c8f2)

 sys/net/if.c       | 26 +++++++++++++++++++++-----
 sys/netinet/in.c   |  2 ++
 sys/netinet6/in6.c |  2 ++
 3 files changed, 25 insertions(+), 5 deletions(-)

-- 
You are receiving this mail because:
You are the assignee for the bug.