
netinet6: Don't calculate offset on ICMP6 NI query if the copied mbuf is null
Abandoned, Public

Authored by nc on May 30 2020, 7:30 PM.

Details

Reviewers
hrs
Summary

netinet6: Don't calculate offset on ICMP6 NI query if the copied mbuf is null.

Submitted by: Neel Chauhan <neel AT neelc DOT org>

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Skipped
Unit
Tests Skipped

Event Timeline

nc requested review of this revision. May 30 2020, 7:30 PM

I'd suggest stopping processing at this place.

sys/netinet6/icmp6.c
659

The handling of "n == NULL" is not consistent.
Instead of stopping processing as below, some variables stay unset.

682–685

Here the "n == NULL" case is simple: stop processing.

723

If variables are still unset, prevent processing.

hrs requested changes to this revision. Jun 23 2020, 12:05 PM
hrs added a subscriber: hrs.

Adding the following two lines between the invocation of ni6_input() and the "noff =" line is simpler. This noff line was added to suppress an "uninitialized variable" warning a long time ago, and the proposed change reverts it effectively while the code paths have no problem.

if (n)
        n = ni6_input(n, off);
if (n == NULL)
        break;
noff = sizeof(struct ip6_hdr);

This revision now requires changes to proceed. Jun 23 2020, 12:05 PM
nc marked 3 inline comments as done.

Good catch.

I'm not an expert in the kernel, sorry.
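
The control flow hrs suggests in the review above, as an added user-space model that is not FreeBSD code and not part of the review: the copy may fail, the input routine consumes its argument and may return NULL, and processing stops before the offset is assigned. `struct buf`, `buf_copy`, `query_input`, `handle_query`, `HDR_LEN` and `NOFF_UNSET` are hypothetical stand-ins for the mbuf, the copy, ni6_input(), the NI query case and sizeof(struct ip6_hdr).

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a kernel mbuf; not FreeBSD's struct mbuf. */
struct buf { size_t len; unsigned char data[64]; };

#define HDR_LEN 40                    /* stand-in for sizeof(struct ip6_hdr) */
#define NOFF_UNSET ((size_t)-1)       /* sentinel: offset was never assigned */

/* Copy that can fail like a non-blocking allocation; fail != 0 simulates that. */
static struct buf *buf_copy(const struct buf *m, int fail)
{
    struct buf *n;

    if (fail || (n = malloc(sizeof(*n))) == NULL)
        return NULL;
    memcpy(n, m, sizeof(*n));
    return n;
}

/* Consumes n: returns it on success, frees it and returns NULL on rejection. */
static struct buf *query_input(struct buf *n, size_t off)
{
    if (n->len < off + 1) {           /* too short to hold a query after off */
        free(n);
        return NULL;
    }
    return n;
}

/* Returns the reply offset, or NOFF_UNSET when no reply is built. */
size_t handle_query(const struct buf *m, size_t off, int fail_copy)
{
    size_t noff = NOFF_UNSET;
    struct buf *n = buf_copy(m, fail_copy);

    if (n)
        n = query_input(n, off);
    if (n == NULL)
        return noff;                  /* the "break": nothing left to reflect */
    noff = HDR_LEN;                   /* assigned only when a reply buffer exists */
    /* A real handler would pass n and noff to the reply path here. */
    free(n);
    return noff;
}
```

Both failure sources, the failed copy and the rejected query, leave through the same `n == NULL` exit, so no later code sees an offset without a buffer.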