Page MenuHomeFreeBSD
Differential D51500

netinet6: Don't return non-IPv6 enabled interfaces from in6_getlinkifnet()
ClosedPublic
Actions

Authored by kp on Jul 24 2025, 5:29 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sun, Oct 12, 11:37 PM
Unknown Object (File)
Sun, Oct 12, 11:37 PM
Unknown Object (File)
Sun, Oct 12, 11:37 PM
Unknown Object (File)
Sun, Oct 12, 11:36 PM
Unknown Object (File)
Sun, Oct 12, 11:36 PM
Unknown Object (File)
Sun, Oct 12, 12:09 PM
Unknown Object (File)
Wed, Sep 24, 1:55 AM
Unknown Object (File)
Wed, Sep 24, 1:03 AM
View All 37 Files
Subscribers
ae
farrokhi
glebius
imp
melifaro
vegeta_tuxpowered.net
zlei

Details

Reviewers
zlei
Group Reviewers
network
pfsense
Commits
rGe9ca883b12c0: netinet6: Don't return non-IPv6 enabled interfaces from in6_getlinkifnet()
Summary

There are scenarios where we can end up looking up an interface by its scope and
turn up an interface that doesn't have IPv6 enabled on it. If that happens we
could end up dereferencing a NULL pointer accessing ifp->if_afdata[AF_INET6].
Check for this.

One such scenario is if a firewall rewrites a destination address to a
link-local address, with an embedded scope for such an interface. Attach a test
case which provokes this.

PR: 288263
Reported by: Robert Morris <rtm@lcs.mit.edu>
Sponsored by: Rubicon Communications, LLC ("Netgate")

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

kp created this revision.Jul 24 2025, 5:29 PM
Herald added subscribers: vegeta_tuxpowered.net, glebius, melifaro and 3 others. · View Herald TranscriptJul 24 2025, 5:29 PM
kp requested review of this revision.Jul 24 2025, 5:29 PM
Harbormaster completed remote builds in B65666: Diff 159018.Jul 24 2025, 5:29 PM
kp updated this revision to Diff 159031.Jul 24 2025, 8:42 PM

Whoops

Harbormaster completed remote builds in B65673: Diff 159031.Jul 24 2025, 8:43 PM
zlei accepted this revision as: zlei.Jul 26 2025, 2:27 PM
zlei added a subscriber: zlei.

The change to in6_getlinkifnet() looks good to me.

sys/netinet6/scope6.c
511

I'd like to have a description about the NULL check for if_afdata[AF_INET6], say An interface may not be IPv6 capable .

I think it may deserve a log entry about this rare case. This is probably by mis-configuration, say firewall rewriting etc.

This revision is now accepted and ready to land.Jul 26 2025, 2:27 PM
kp updated this revision to Diff 159321.Jul 28 2025, 2:27 PM

Log when we end up selecting an interface without IPv6 support.

This revision now requires review to proceed.Jul 28 2025, 2:27 PM
Harbormaster completed remote builds in B65800: Diff 159321.Jul 28 2025, 2:27 PM
zlei accepted this revision as: zlei.Jul 29 2025, 11:20 AM
This revision is now accepted and ready to land.Jul 29 2025, 11:20 AM
Closed by commit rGe9ca883b12c0: netinet6: Don't return non-IPv6 enabled interfaces from in6_getlinkifnet() (authored by kp). · Explain WhyJul 29 2025, 5:45 PM
This revision was automatically updated to reflect the committed changes.
kp added a commit: rGe9ca883b12c0: netinet6: Don't return non-IPv6 enabled interfaces from in6_getlinkifnet().

Revision Contents
Changeset List

PathSize
sys/
netinet6/
17 lines
tests/
sys/
netpfil/
pf/
41 lines

Diff 159398

View Options

sys/netinet6/scope6.c

Loading...
View Options

tests/sys/netpfil/pf/nat64.py

Loading...