diff options
| author | Martin Pieuchot <mpi@cvs.openbsd.org> | 2017-11-21 12:05:10 +0000 |
|---|---|---|
| committer | Martin Pieuchot <mpi@cvs.openbsd.org> | 2017-11-21 12:05:10 +0000 |
| commit | bc4b6f51c0a588c1ba7470920e3101da50a293e7 (patch) | |
| tree | 34afe1e83fd4292e0b16b236dfa6bd164a903ffa /sys | |
| parent | 1e1131eb79207874fedf8c5f7c334d5f92dd744b (diff) | |
Do not assume if_get(9) returns a non NULL ifp when using a route
interface index.
This assumption is true for the moment iff the route lookup *and* the
if_get() are done under KERNEL_LOCK(). This is not the case here.
Found the hardway by Hrvoje Popovski.
ok florian@, visa@, bluhm@
Diffstat (limited to 'sys')
| -rw-r--r-- | sys/netinet6/ip6_forward.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/sys/netinet6/ip6_forward.c b/sys/netinet6/ip6_forward.c index 2eff0072897..b2b6e46e2df 100644 --- a/sys/netinet6/ip6_forward.c +++ b/sys/netinet6/ip6_forward.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip6_forward.c,v 1.95 2017/06/30 11:29:15 bluhm Exp $ */ +/* $OpenBSD: ip6_forward.c,v 1.96 2017/11/21 12:05:09 mpi Exp $ */ /* $KAME: ip6_forward.c,v 1.75 2001/06/29 12:42:13 jinmei Exp $ */ /* @@ -240,6 +240,8 @@ reroute: * modified by a redirect. */ ifp = if_get(rt->rt_ifidx); + if (ifp == NULL) + goto freecopy; if (rt->rt_ifidx == m->m_pkthdr.ph_ifidx && !srcrt && ip6_sendredirects && (rt->rt_flags & (RTF_DYNAMIC|RTF_MODIFIED)) == 0) { |