Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 12 May 2021 17:09:35 GMT
From:      Mark Johnston <markj@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject:   git: c1dd4d642fa0 - main - nd6: Avoid using an uninitialized sockaddr in nd6_prefix_offlink()
Message-ID:  <202105121709.14CH9ZN5031772@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
The branch main has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=c1dd4d642fa0e2c8ea4f9a879f2cc4e5d6c39211

commit c1dd4d642fa0e2c8ea4f9a879f2cc4e5d6c39211
Author:     Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2021-05-12 15:49:24 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2021-05-12 16:52:06 +0000

    nd6: Avoid using an uninitialized sockaddr in nd6_prefix_offlink()
    
    Commit 81728a538 ("Split rtinit() into multiple functions.") removed
    the initialization of sa6, but not one of its uses.  This meant that we
    were passing an uninitialized sockaddr as the address to
    lltable_prefix_free().  Remove the variable outright to fix the problem.
    The caller is expected to hold a reference on pr.
    
    Fixes:          81728a538 ("Split rtinit() into multiple functions.")
    Reported by:    KMSAN
    Reviewed by:    donner
    MFC after:      1 week
    Sponsored by:   The FreeBSD Foundation
    Differential Revision:  https://reviews.freebsd.org/D30166
---
 sys/netinet6/nd6_rtr.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/sys/netinet6/nd6_rtr.c b/sys/netinet6/nd6_rtr.c
index 2f721b4edcc3..2960b6cad951 100644
--- a/sys/netinet6/nd6_rtr.c
+++ b/sys/netinet6/nd6_rtr.c
@@ -2165,7 +2165,6 @@ nd6_prefix_offlink(struct nd_prefix *pr)
 	int error = 0;
 	struct ifnet *ifp = pr->ndpr_ifp;
 	struct nd_prefix *opr;
-	struct sockaddr_in6 sa6;
 	char ip6buf[INET6_ADDRSTRLEN];
 	uint64_t genid;
 	int a_failure;
@@ -2240,7 +2239,8 @@ restart:
 	}
 
 	if (a_failure)
-		lltable_prefix_free(AF_INET6, (struct sockaddr *)&sa6,
+		lltable_prefix_free(AF_INET6,
+		    (struct sockaddr *)&pr->ndpr_prefix,
 		    (struct sockaddr *)&mask6, LLE_STATIC);
 
 	return (error);

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202105121709.14CH9ZN5031772>