ip6_output(): Check the return value of in6_getlinkifnet().
ClosedPublic
Actions

Authored by markj on Jul 30 2020, 12:46 AM.

Details

Reviewers

melifaro
ae
bz
tuexen

Commits

rS363710: ip6_output(): Check the return value of in6_getlinkifnet().

Summary

If the destination address has an embedded scope ID, make sure that it
corresponds to a valid ifnet before proceeding. Otherwise a sendto()
with a bogus link-local address can trigger a NULL pointer dereference.

Reported by: syzkaller

Diff Detail

Repository

rS FreeBSD src repository - subversion

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

markj created this revision.Jul 30 2020, 12:46 AM

Herald added subscribers: melifaro, ae. · View Herald TranscriptJul 30 2020, 12:46 AM

markj requested review of this revision.Jul 30 2020, 12:46 AM

Harbormaster completed remote builds in B32652: Diff 75151.Jul 30 2020, 12:46 AM

markj added reviewers: melifaro, ae, bz, tuexen.Jul 30 2020, 12:47 AM

LGTM.

This revision is now accepted and ready to land.Jul 30 2020, 7:45 AM

Closed by commit rS363710: ip6_output(): Check the return value of in6_getlinkifnet(). (authored by markj). · Explain WhyJul 30 2020, 5:43 PM

This revision was automatically updated to reflect the committed changes.

markj added a commit: rS363710: ip6_output(): Check the return value of in6_getlinkifnet()..

Herald added a subscriber: imp. · View Herald TranscriptJul 30 2020, 5:43 PM

Revision Contents
Changeset List

Path

Size

head/

sys/

netinet6/

ip6_output.c

4 lines

Diff 75172

View Options

head/sys/netinet6/ip6_output.c

ip6_output(): Check the return value of in6_getlinkifnet().ClosedPublicActions