diff options
author | Jun-ichiro itojun Hagino <itojun@cvs.openbsd.org> | 2001-02-02 15:55:19 +0000 |
---|---|---|
committer | Jun-ichiro itojun Hagino <itojun@cvs.openbsd.org> | 2001-02-02 15:55:19 +0000 |
commit | 5bffa15e4286ba754a7f32a116756aecdbca6e1b (patch) | |
tree | 82ad3853069a29ef36907c74333cccdc86b03982 | |
parent | 69429a3b488de978af7bd48de074547663a1ba1f (diff) |
avoid panic when packet to nonexistent link-local address is issued.
kame 1.151 -> 1.152.
-rw-r--r-- | sys/netinet6/ip6_output.c | 19 |
1 files changed, 16 insertions, 3 deletions
diff --git a/sys/netinet6/ip6_output.c b/sys/netinet6/ip6_output.c index 67a1c044532..9c6b0cc2af3 100644 --- a/sys/netinet6/ip6_output.c +++ b/sys/netinet6/ip6_output.c @@ -1,5 +1,5 @@ -/* $OpenBSD: ip6_output.c,v 1.17 2000/10/11 09:14:15 itojun Exp $ */ -/* $KAME: ip6_output.c,v 1.122 2000/08/19 02:12:02 jinmei Exp $ */ +/* $OpenBSD: ip6_output.c,v 1.18 2001/02/02 15:55:18 itojun Exp $ */ +/* $KAME: ip6_output.c,v 1.152 2001/02/02 15:36:33 jinmei Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -846,11 +846,24 @@ skip_ipsec2:; * Larger scopes than link will be supported in the near * future. */ + origifp = NULL; if (IN6_IS_SCOPE_LINKLOCAL(&ip6->ip6_src)) origifp = ifindex2ifnet[ntohs(ip6->ip6_src.s6_addr16[1])]; else if (IN6_IS_SCOPE_LINKLOCAL(&ip6->ip6_dst)) origifp = ifindex2ifnet[ntohs(ip6->ip6_dst.s6_addr16[1])]; - else + /* + * XXX: origifp can be NULL even in those two cases above. + * For example, if we remove the (only) link-local address + * from the loopback interface, and try to send a link-local + * address without link-id information. Then the source + * address is ::1, and the destination address is the + * link-local address with its s6_addr16[1] being zero. + * What is worse, if the packet goes to the loopback interface + * by a default rejected route, the null pointer would be + * passed to looutput, and the kernel would hang. + * The following last resort would prevent such disaster. + */ + if (origifp == NULL); origifp = ifp; } else |