Page MenuHomeFreeBSD
Differential D25887

ip6_output(): Check the return value of in6_getlinkifnet().
ClosedPublic
Actions

Authored by markj on Jul 30 2020, 12:46 AM.
Tags
None
Referenced Files
F109634655: D25887.diff
Fri, Feb 7, 6:55 PM
Unknown Object (File)
Thu, Jan 16, 6:25 AM
Unknown Object (File)
Oct 2 2024, 12:14 PM
Unknown Object (File)
Sep 5 2024, 7:41 AM
Unknown Object (File)
Sep 4 2024, 4:23 PM
Unknown Object (File)
Sep 2 2024, 11:22 PM
Unknown Object (File)
Aug 31 2024, 11:14 PM
Unknown Object (File)
Aug 17 2024, 8:46 PM
View All 36 Files
Subscribers
ae
imp
melifaro

Details

Reviewers
melifaro
ae
bz
tuexen
Commits
rS363710: ip6_output(): Check the return value of in6_getlinkifnet().
Summary

If the destination address has an embedded scope ID, make sure that it
corresponds to a valid ifnet before proceeding. Otherwise a sendto()
with a bogus link-local address can trigger a NULL pointer dereference.

Reported by: syzkaller

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Revision Contents
Changeset List

PathSize
head/
sys/
netinet6/
4 lines

Diff 75172

View Options

head/sys/netinet6/ip6_output.c

Loading...