Page MenuHomeFreeBSD
Differential D25887

ip6_output(): Check the return value of in6_getlinkifnet().
ClosedPublic
Actions

Authored by markj on Jul 30 2020, 12:46 AM.
Tags
None
Referenced Files
F132341149: D25887.diff
Thu, Oct 16, 1:43 AM
Unknown Object (File)
Sep 10 2025, 8:58 PM
Unknown Object (File)
Sep 5 2025, 3:52 PM
Unknown Object (File)
Sep 4 2025, 11:46 AM
Unknown Object (File)
Aug 24 2025, 6:21 PM
Unknown Object (File)
Aug 23 2025, 12:20 AM
Unknown Object (File)
Aug 14 2025, 3:48 PM
Unknown Object (File)
Aug 14 2025, 2:39 AM
View All 56 Files
Subscribers
ae
imp
melifaro

Details

Reviewers
melifaro
ae
bz
tuexen
Commits
rS363710: ip6_output(): Check the return value of in6_getlinkifnet().
Summary

If the destination address has an embedded scope ID, make sure that it
corresponds to a valid ifnet before proceeding. Otherwise a sendto()
with a bogus link-local address can trigger a NULL pointer dereference.

Reported by: syzkaller

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Revision Contents
Changeset List

PathSize
head/
sys/
netinet6/
4 lines

Diff 75172

View Options

head/sys/netinet6/ip6_output.c

Loading...