From owner-dev-commits-src-branches@freebsd.org Wed May 19 13:35:24 2021
Date: Wed, 19 May 2021 13:35:24 GMT
Message-Id: <202105191335.14JDZO2w074658@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Mark Johnston
Subject: git: 010f19777085 - stable/13 - nd6: Avoid using an uninitialized sockaddr in nd6_prefix_offlink()
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: markj
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: 010f19777085561cae108e5fd228ff258f7d102a
Auto-Submitted: auto-generated
X-BeenThere: dev-commits-src-branches@freebsd.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: Commits to the stable branches of the FreeBSD src repository
X-List-Received-Date: Wed, 19 May 2021 13:35:24 -0000

The branch stable/13 has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=010f19777085561cae108e5fd228ff258f7d102a

commit 010f19777085561cae108e5fd228ff258f7d102a
Author: Mark Johnston
AuthorDate: 2021-05-12 15:49:24 +0000
Commit: Mark Johnston
CommitDate: 2021-05-19 13:32:28 +0000

    nd6: Avoid using an uninitialized sockaddr in nd6_prefix_offlink()

    Commit 81728a538 ("Split rtinit() into multiple functions.") removed
    the initialization of sa6, but not one of its uses. This meant that we
    were passing an uninitialized sockaddr as the address to
    lltable_prefix_free(). Remove the variable outright to fix the problem.

    The caller is expected to hold a reference on pr.

    Fixes: 81728a538 ("Split rtinit() into multiple functions.")
    Reported by: KMSAN
    Reviewed by: donner
    Sponsored by: The FreeBSD Foundation
    Differential Revision: https://reviews.freebsd.org/D30166

    (cherry picked from commit c1dd4d642fa0e2c8ea4f9a879f2cc4e5d6c39211)

--- sys/netinet6/nd6_rtr.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sys/netinet6/nd6_rtr.c b/sys/netinet6/nd6_rtr.c index 2f721b4edcc3..2960b6cad951 100644 --- a/sys/netinet6/nd6_rtr.c +++ b/sys/netinet6/nd6_rtr.c 
@@ -2165,7 +2165,6 @@ nd6_prefix_offlink(struct nd_prefix *pr) int error = 0; struct ifnet *ifp = pr->ndpr_ifp; struct nd_prefix *opr; - struct sockaddr_in6 sa6; char ip6buf[INET6_ADDRSTRLEN]; uint64_t genid; int a_failure; @@ -2240,7 +2239,8 @@ restart: } if (a_failure) - lltable_prefix_free(AF_INET6, (struct sockaddr *)&sa6, + lltable_prefix_free(AF_INET6, + (struct sockaddr *)&pr->ndpr_prefix, (struct sockaddr *)&mask6, LLE_STATIC); return (error);
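
Review bot: In the second hunk, the `if (a_failure)` path now dereferences `pr->ndpr_prefix` late in nd6_prefix_offlink(), after the `restart:` section, and its safety rests on the commit message's statement that the caller holds a reference on pr; nothing in the changed code records that requirement. A short comment above the function stating that the caller must hold a reference on pr would keep the assumption visible to the next person who refactors this path. It is also worth confirming that `mask6`, passed in the same lltable_prefix_free() call, is initialized on every path that reaches this point, since the refactor named in the Fixes: line left `sa6` uninitialized at this same call site.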