The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=b57df6fbcc484f1941bf306cb60a3adaf538df69

commit b57df6fbcc484f1941bf306cb60a3adaf538df69
Author:     Kristof Provost <k...@freebsd.org>
AuthorDate: 2023-09-18 17:01:17 +0000
Commit:     Kristof Provost <k...@freebsd.org>
CommitDate: 2023-09-18 18:12:45 +0000

    ndp: cope with unresolved neighbours

    If we've not (yet) resolved a neighbour nda_lladdr will be NULL, and
    NLA_DATA_LEN(neigh->nda_lladdr) will dereference a NULL pointer.

    Avoid that by checking nda_lladdr first, and only dereferencing if it's
    not NULL.

    Test case:
        ping6 -c 1 <non-existent neighbour>
        ndp -a

    Reviewed by:    melifaro
    MFC after:      3 days
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
    Differential Revision:  https://reviews.freebsd.org/D41903
---
 usr.sbin/ndp/ndp_netlink.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/usr.sbin/ndp/ndp_netlink.c b/usr.sbin/ndp/ndp_netlink.c index ace3e5e5fa11..954d16995b5a 100644 --- a/usr.sbin/ndp/ndp_netlink.c +++ b/usr.sbin/ndp/ndp_netlink.c @@ -230,9 +230,12 @@ print_entry(struct snl_parsed_neigh *neigh, struct snl_parsed_link_simple *link) .sdl_family = AF_LINK, .sdl_type = link->ifi_type, .sdl_len = sizeof(struct sockaddr_dl), - .sdl_alen = NLA_DATA_LEN(neigh->nda_lladdr), }; - memcpy(sdl.sdl_data, NLA_DATA(neigh->nda_lladdr), sdl.sdl_alen); + + if (neigh->nda_lladdr) { + sdl.sdl_alen = NLA_DATA_LEN(neigh->nda_lladdr), + memcpy(sdl.sdl_data, NLA_DATA(neigh->nda_lladdr), sdl.sdl_alen); + } addrwidth = strlen(host_buf); if (addrwidth < W_ADDR)
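
Review bot: The assignment added inside the new `if (neigh->nda_lladdr)` block ends in a comma instead of a semicolon: `sdl.sdl_alen = NLA_DATA_LEN(neigh->nda_lladdr),` looks carried over from the designated initializer it replaces. It still behaves as intended, because the comma operator evaluates the assignment before the memcpy() that follows, but it reads as a typo and should be terminated with `;` so the two statements stand on their own. Separately, sdl_alen is taken from the attribute length and used directly as the memcpy() size into sdl.sdl_data, with no bound against sizeof(sdl.sdl_data) visible in the hunk. The removed lines show the same pattern, so this is not introduced here, but a length check in the same block would be a cheap addition while this code is being touched.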