
Remove a seemingly unnecessary assertion from in6p_lookup_mcast_ifp().
Closed, Public

Authored by markj on Thu, Jul 30, 12:46 AM.

Details

Summary

syzkaller generated programs which created an IPv6 socket, cleared the
IPV6_V6ONLY socket option, bound the socket to an IPv4-mapped
address, and invoked JOIN_GROUP or LEAVE_GROUP v6 socket options. Since
V6ONLY was cleared by the bind() call, this triggers an assertion
failure when in6p_lookup_mcast_ifp() gets called.

From reading the code I suspect that the assertion is unnecessary since
the inp address is not actually used by the multicast code. In other
words, whether or not the socket is connected or bound to an IPv4-mapped
IPv6 address is irrelevant. Thus I propose removing the assertion.

While here remove an unnecessary check for inp == NULL, which clearly
cannot happen.

Reported by: syzbot+d01ab3d5e6c1516a393c@syzkaller.appspotmail.com

Diff Detail

Repository
rS FreeBSD src repository
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

markj created this revision. Thu, Jul 30, 12:46 AM
markj requested review of this revision. Thu, Jul 30, 12:46 AM
hselasky accepted this revision. Thu, Jul 30, 10:37 AM

Looks good to me.

This revision is now accepted and ready to land. Thu, Jul 30, 10:37 AM
This revision was automatically updated to reflect the committed changes.