svn commit: r302081 - head/sys/netinet6

Andrey V. Elsukov ae at FreeBSD.org
Wed Jun 22 11:29:23 UTC 2016


Author: ae
Date: Wed Jun 22 11:29:21 2016
New Revision: 302081
URL: https://svnweb.freebsd.org/changeset/base/302081

Log:
  Fix the NULL pointer dereference for unresolved link layer entries in
  the netinet6 code. Copy link layer address only when corresponding entry
  has LLE_VALID flag.
  
  PR:		210379
  Approved by:	re (kib)

Modified:
  head/sys/netinet6/in6.c

Modified: head/sys/netinet6/in6.c
==============================================================================
--- head/sys/netinet6/in6.c	Wed Jun 22 10:38:41 2016	(r302080)
+++ head/sys/netinet6/in6.c	Wed Jun 22 11:29:21 2016	(r302081)
@@ -2322,10 +2322,16 @@ in6_lltable_dump_entry(struct lltable *l
 			sdl = &ndpc.sdl;
 			sdl->sdl_family = AF_LINK;
 			sdl->sdl_len = sizeof(*sdl);
-			sdl->sdl_alen = ifp->if_addrlen;
 			sdl->sdl_index = ifp->if_index;
 			sdl->sdl_type = ifp->if_type;
-			bcopy(lle->ll_addr, LLADDR(sdl), ifp->if_addrlen);
+			if ((lle->la_flags & LLE_VALID) == LLE_VALID) {
+				sdl->sdl_alen = ifp->if_addrlen;
+				bcopy(lle->ll_addr, LLADDR(sdl),
+				    ifp->if_addrlen);
+			} else {
+				sdl->sdl_alen = 0;
+				bzero(LLADDR(sdl), ifp->if_addrlen);
+			}
 			if (lle->la_expire != 0)
 				ndpc.rtm.rtm_rmx.rmx_expire = lle->la_expire +
 				    lle->lle_remtime / hz +
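Review bot: The new `LLE_VALID` test and the `bcopy()` from `lle->ll_addr` are two separate reads of the entry, and nothing in the hunk shows which lock keeps the entry from changing between them, so the guard only holds if the caller already holds the entry or table lock. The invariant the fix relies on deserves a comment above the `if`, for example `/* ll_addr is only set for resolved entries (LLE_VALID); report an empty address otherwise. */`. Both branches also still write `ifp->if_addrlen` bytes at `LLADDR(sdl)` with no visible bound against the size of `ndpc.sdl`; if that is not guaranteed elsewhere, an assertion would make it explicit. `in6_lltable_dump_entry` starts and ends outside the hunk, so the locking and any earlier zeroing of `ndpc` cannot be confirmed from here.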

