diff options
| author | anton <anton@cvs.openbsd.org> | 2019-06-04 16:11:14 +0000 |
|---|---|---|
| committer | anton <anton@cvs.openbsd.org> | 2019-06-04 16:11:14 +0000 |
| commit | 064b2b4535c62ef93365db2707ae3e025e4f127c (patch) | |
| tree | 755e6dfcec97082824733342155ed59f8ed0cdad /sys/netinet6/ip6_mroute.c | |
| parent | 331651b81499e1b660a5f535038336c10a4c18f6 (diff) | |
Add missing NULL check for the protocol control block (pcb) pointer in
mrt{6,}_ioctl. Calling shutdown(2) on the socket prior to the ioctl
command can cause it to be NULL.
ok bluhm@ claudio@
Reported-by: syzbot+bdc489ecb509995a21ed@syzkaller.appspotmail.com
Reported-by: syzbot+156405fdea9f2ab15d40@syzkaller.appspotmail.com
Diffstat (limited to 'sys/netinet6/ip6_mroute.c')
| -rw-r--r-- | sys/netinet6/ip6_mroute.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/sys/netinet6/ip6_mroute.c b/sys/netinet6/ip6_mroute.c index 37fb9e2f5d2..512353701b8 100644 --- a/sys/netinet6/ip6_mroute.c +++ b/sys/netinet6/ip6_mroute.c @@ -244,6 +244,9 @@ mrt6_ioctl(struct socket *so, u_long cmd, caddr_t data) struct inpcb *inp = sotoinpcb(so); int error; + if (inp == NULL) + return (ENOTCONN); + switch (cmd) { case SIOCGETSGCNT_IN6: NET_RLOCK(); |