Page MenuHomeFreeBSD
Differential D25887

ip6_output(): Check the return value of in6_getlinkifnet().
ClosedPublic
Actions

Authored by markj on Jul 30 2020, 12:46 AM.
Tags
None
Referenced Files
Unknown Object (File)
Thu, Apr 30, 10:10 AM
Unknown Object (File)
Mon, Apr 27, 12:05 PM
Unknown Object (File)
Sat, Apr 25, 5:58 AM
Unknown Object (File)
Fri, Apr 24, 6:32 AM
Unknown Object (File)
Tue, Apr 21, 6:53 PM
Unknown Object (File)
Tue, Apr 21, 2:14 PM
Unknown Object (File)
Tue, Apr 21, 11:26 AM
Unknown Object (File)
Apr 15 2026, 12:41 PM
View All Files
Subscribers
ae
imp
melifaro

Details

Reviewers
melifaro
ae
bz
tuexen
Commits
rS363710: ip6_output(): Check the return value of in6_getlinkifnet().
Summary

If the destination address has an embedded scope ID, make sure that it
corresponds to a valid ifnet before proceeding. Otherwise a sendto()
with a bogus link-local address can trigger a NULL pointer dereference.

Reported by: syzkaller

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Revision Contents
Changeset List

PathSize
head/
sys/
netinet6/
4 lines

Diff 75172

View Options

head/sys/netinet6/ip6_output.c

Loading...