Page MenuHomeFreeBSD
Differential D25887

ip6_output(): Check the return value of in6_getlinkifnet().
ClosedPublic
Actions

Authored by markj on Jul 30 2020, 12:46 AM.
Tags
None
Referenced Files
Unknown Object (File)
Tue, Apr 21, 6:53 PM
Unknown Object (File)
Tue, Apr 21, 2:14 PM
Unknown Object (File)
Tue, Apr 21, 11:26 AM
Unknown Object (File)
Wed, Apr 15, 12:41 PM
Unknown Object (File)
Mon, Apr 13, 3:33 AM
Unknown Object (File)
Sun, Apr 12, 1:06 PM
Unknown Object (File)
Sun, Apr 12, 3:50 AM
Unknown Object (File)
Sat, Apr 11, 10:46 PM
View All Files
Subscribers
ae
imp
melifaro

Details

Reviewers
melifaro
ae
bz
tuexen
Commits
rS363710: ip6_output(): Check the return value of in6_getlinkifnet().
Summary

If the destination address has an embedded scope ID, make sure that it
corresponds to a valid ifnet before proceeding. Otherwise a sendto()
with a bogus link-local address can trigger a NULL pointer dereference.

Reported by: syzkaller

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Revision Contents
Changeset List

PathSize
head/
sys/
netinet6/
4 lines

Diff 75172

View Options

head/sys/netinet6/ip6_output.c

Loading...