diff options
author | Markus Friedl <markus@cvs.openbsd.org> | 2008-03-04 11:19:36 +0000 |
---|---|---|
committer | Markus Friedl <markus@cvs.openbsd.org> | 2008-03-04 11:19:36 +0000 |
commit | 036ad88cea926585d79ee0c8c9c533d26c2a5584 (patch) | |
tree | 23ffee0352f760c9165d69f4929269c51f5ee667 | |
parent | 37b19e13418e36b4c52d99a297f433839ed20f3f (diff) |
fix use-after-free: pfxlist_onlink_check() might free rt_llinfo for
the current route, so make sure RTF_LLINFO is still set; fixes pr 5711;
with krw@ and claudio@; ok jsing@
-rw-r--r-- | sys/netinet6/nd6_nbr.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/sys/netinet6/nd6_nbr.c b/sys/netinet6/nd6_nbr.c index aaa5ceccab4..e9f5082d2b2 100644 --- a/sys/netinet6/nd6_nbr.c +++ b/sys/netinet6/nd6_nbr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: nd6_nbr.c,v 1.47 2008/02/05 22:57:31 mpf Exp $ */ +/* $OpenBSD: nd6_nbr.c,v 1.48 2008/03/04 11:19:35 markus Exp $ */ /* $KAME: nd6_nbr.c,v 1.61 2001/02/10 16:06:14 jinmei Exp $ */ /* @@ -682,6 +682,8 @@ nd6_na_input(m, off, icmp6len) * affect the status of associated prefixes.. */ pfxlist_onlink_check(); + if ((rt->rt_flags & RTF_LLINFO) == 0) + goto freeit; /* ln is gone */ } } else { int llchange; |