Date: Wed, 22 Jun 2016 11:29:22 +0000 (UTC) From: "Andrey V. Elsukov" <ae@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r302081 - head/sys/netinet6 Message-ID: <201606221129.u5MBTMun071427@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: ae Date: Wed Jun 22 11:29:21 2016 New Revision: 302081 URL: https://svnweb.freebsd.org/changeset/base/302081 Log: Fix the NULL pointer dereference for unresolved link layer entries in the netinet6 code. Copy link layer address only when corresponding entry has LLE_VALID flag. PR: 210379 Approved by: re (kib) Modified: head/sys/netinet6/in6.c Modified: head/sys/netinet6/in6.c ============================================================================== --- head/sys/netinet6/in6.c Wed Jun 22 10:38:41 2016 (r302080) +++ head/sys/netinet6/in6.c Wed Jun 22 11:29:21 2016 (r302081) @@ -2322,10 +2322,16 @@ in6_lltable_dump_entry(struct lltable *l sdl = &ndpc.sdl; sdl->sdl_family = AF_LINK; sdl->sdl_len = sizeof(*sdl); - sdl->sdl_alen = ifp->if_addrlen; sdl->sdl_index = ifp->if_index; sdl->sdl_type = ifp->if_type; - bcopy(lle->ll_addr, LLADDR(sdl), ifp->if_addrlen); + if ((lle->la_flags & LLE_VALID) == LLE_VALID) { + sdl->sdl_alen = ifp->if_addrlen; + bcopy(lle->ll_addr, LLADDR(sdl), + ifp->if_addrlen); + } else { + sdl->sdl_alen = 0; + bzero(LLADDR(sdl), ifp->if_addrlen); + } if (lle->la_expire != 0) ndpc.rtm.rtm_rmx.rmx_expire = lle->la_expire + lle->lle_remtime / hz +
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201606221129.u5MBTMun071427>