diff options
| author | Bjoern A. Zeeb <bz@FreeBSD.org> | 2020-02-28 11:16:41 +0000 |
|---|---|---|
| committer | Bjoern A. Zeeb <bz@FreeBSD.org> | 2020-02-28 11:16:41 +0000 |
| commit | f1db666a6190e43d8e98c8aae807a9a85538d84b (patch) | |
| tree | 245b737ae49982ee190cf483ec1ec18af1e4c7b4 /sys/netinet6/mld6.c | |
| parent | 3f9309e5713e499b487ac2c5c20a5c3d521527c1 (diff) | |
| download | src-f1db666a6190e43d8e98c8aae807a9a85538d84b.tar.gz src-f1db666a6190e43d8e98c8aae807a9a85538d84b.zip | |
mld6: initialize oifp to avoid bogus results/panics in edge cases
In certain cases (probably not during normal operation but observed in
the lab during development) ip6_ouput() could return without error
and ifpp (&oifp) not updated.
Given oifp was never initialized we would take the later branch
as oifp was not NULL, and when calling icmp6_ifstat_inc() we would
panic dereferencing a garbage pointer.
For code stability initialize oifp to NULL before first use to always
have a deterministic value and not rely on a called function to behave
and always and for ever do the work for us as we hope for.
MFC after: 3 days
Sponsored by: Netflix
Notes
Notes:
svn path=/head/; revision=358427
Diffstat (limited to 'sys/netinet6/mld6.c')
| -rw-r--r-- | sys/netinet6/mld6.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/sys/netinet6/mld6.c b/sys/netinet6/mld6.c index 5eb577379c6b..ccfa499739f0 100644 --- a/sys/netinet6/mld6.c +++ b/sys/netinet6/mld6.c @@ -3159,6 +3159,7 @@ mld_dispatch_packet(struct mbuf *m) mld = (struct mld_hdr *)(mtod(md, uint8_t *) + off); type = mld->mld_type; + oifp = NULL; error = ip6_output(m0, &mld_po, NULL, IPV6_UNSPECSRC, &im6o, &oifp, NULL); if (error) { |