
netinet6: Don't return non-IPv6 enabled interfaces from in6_getlinkifnet()
Closed, Public

Authored by kp on Jul 24 2025, 5:29 PM.

Details

Summary

There are scenarios where we can end up looking up an interface by its scope and
turn up an interface that doesn't have IPv6 enabled on it. If that happens we
could end up dereferencing a NULL pointer accessing ifp->if_afdata[AF_INET6].
Check for this.

One such scenario is if a firewall rewrites a destination address to a
link-local address, with an embedded scope for such an interface. Attach a test
case which provokes this.

PR: 288263
Reported by: Robert Morris <rtm@lcs.mit.edu>
Sponsored by: Rubicon Communications, LLC ("Netgate")
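
A user-space C model of the guard the summary describes, added here as an example; it is not the FreeBSD kernel code or the patch under review. The `model_*` names, the interface table and the single-slot `if_afdata` array are constructed assumptions; the zone ID is read from bytes 2-3 of the link-local address, which is how the kernel embeds the scope internally.

```c
/* User-space model (constructed); not the FreeBSD kernel code or the patch. */
#include <stddef.h>
#include <stdint.h>

enum { MODEL_AF_INET6 = 0, MODEL_AF_MAX = 1 };	/* hypothetical slot layout */

struct model_ifnet {
	uint16_t	 if_index;
	const char	*if_xname;
	void		*if_afdata[MODEL_AF_MAX]; /* NULL: no IPv6 state attached */
};

static int model_in6_state;		/* stands in for per-interface IPv6 data */
static unsigned model_no_inet6_hits;	/* counts the rare case; a kernel would log */

/* Constructed interface table: index 2 exists but has no IPv6 state. */
static struct model_ifnet model_ifs[] = {
	{ 1, "em0",  { &model_in6_state } },
	{ 2, "tap0", { NULL } },
};

/* Scope-to-interface lookup that refuses interfaces without IPv6 state. */
static struct model_ifnet *
model_getlinkifnet(uint32_t zoneid)
{
	for (size_t i = 0; i < sizeof(model_ifs) / sizeof(model_ifs[0]); i++) {
		struct model_ifnet *ifp = &model_ifs[i];

		if (ifp->if_index != zoneid)
			continue;
		if (ifp->if_afdata[MODEL_AF_INET6] == NULL) {
			model_no_inet6_hits++;	/* record it instead of crashing later */
			return (NULL);
		}
		return (ifp);
	}
	return (NULL);			/* no interface with that index */
}

/* Resolve a link-local address carrying an embedded zone in bytes 2-3.
 * Returns NULL for non-link-local input or when no usable interface exists. */
static struct model_ifnet *
model_resolve_embedded(const uint8_t addr[16])
{
	if (addr[0] != 0xfe || (addr[1] & 0xc0) != 0x80)
		return (NULL);
	return (model_getlinkifnet(((uint32_t)addr[2] << 8) | addr[3]));
}
```

Callers must treat a NULL return as "no route via this scope" rather than dereferencing the result.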

Diff Detail

Repository
rG FreeBSD src repository

Event Timeline

kp requested review of this revision. Jul 24 2025, 5:29 PM
zlei added a subscriber: zlei.

The change to in6_getlinkifnet() looks good to me.

sys/netinet6/scope6.c:511

I'd like to have a description about the NULL check for if_afdata[AF_INET6], say "An interface may not be IPv6 capable".

I think it may deserve a log entry about this rare case. This is probably caused by misconfiguration, say firewall rewriting etc.

This revision is now accepted and ready to land. Jul 26 2025, 2:27 PM

Log when we end up selecting an interface without IPv6 support.

This revision now requires review to proceed. Jul 28 2025, 2:27 PM
This revision is now accepted and ready to land. Jul 29 2025, 11:20 AM