authorMartin Pieuchot <mpi@cvs.openbsd.org>2016-01-12 09:37:45 +0000
committerMartin Pieuchot <mpi@cvs.openbsd.org>2016-01-12 09:37:45 +0000
commita9f5e3f7fa467faf12a2ab4498a55fa4e0eff771 (patch)
tree952e710c07622fdba5ab866ecb8041c222b8c40c /sys/netinet6/nd6_rtr.c
parentcd5b009365d52a9aa0b1b087962a978d5755a98d (diff)
Prevent a possible NULL dereference introduced by the move of RA sleeping
code in a task. Such a dereference can be triggered by receiving an RA with the 'on-link' bit set to 0, apparently generated by dnsmasq and reported by matthieu@. ok matthieu@, sthen@, bluhm@
Diffstat (limited to 'sys/netinet6/nd6_rtr.c')
-rw-r--r--sys/netinet6/nd6_rtr.c5
1 files changed, 2 insertions, 3 deletions
diff --git a/sys/netinet6/nd6_rtr.c b/sys/netinet6/nd6_rtr.c
index d6167a1a1dc..17babf2c472 100644
--- a/sys/netinet6/nd6_rtr.c
+++ b/sys/netinet6/nd6_rtr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: nd6_rtr.c,v 1.137 2015/12/18 10:55:51 tb Exp $ */
+/* $OpenBSD: nd6_rtr.c,v 1.138 2016/01/12 09:37:44 mpi Exp $ */
/* $KAME: nd6_rtr.c,v 1.97 2001/02/07 11:09:13 itojun Exp $ */
/*
@@ -1974,11 +1974,10 @@ in6_ifadd(struct nd_prefix *pr, int privacy)
return (NULL); /* ifaddr must not have been allocated. */
}
- /* this is always non-NULL */
ia6 = in6ifa_ifpwithaddr(ifp, &ifra.ifra_addr.sin6_addr);
/* Perform DAD, if needed. */
- if (ia6->ia6_flags & IN6_IFF_TENTATIVE)
+ if (ia6 != NULL && ia6->ia6_flags & IN6_IFF_TENTATIVE)
nd6_dad_start(&ia6->ia_ifa);
return (ia6);
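Review bot: The removed `/* this is always non-NULL */` comment is not replaced, so nothing at the `in6ifa_ifpwithaddr()` call explains why the lookup can now fail. The commit description says the NULL case is reachable from a received RA, so the reason is worth recording at the call, for example `/* May be NULL, e.g. for an RA with the on-link bit cleared; callers get NULL. */`. With this change `return (ia6);` can hand back NULL after the earlier error return has been passed, so callers cannot tell this case from a failed configuration. Callers presumably already check for NULL because of that earlier `return (NULL);`, but they are outside the hunk and that should be confirmed. As a style point, the new condition mixes `&&` and `&` without grouping; `if (ia6 != NULL && (ia6->ia6_flags & IN6_IFF_TENTATIVE))` evaluates the same and reads unambiguously. The body of `in6_ifadd` starts outside the hunk.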