Hi,
kubsan: netinet6/nd6.c:948:42: type mismatch: member access within null pointer
of type 'struct in6_ifaddr'
kubsan: netinet6/nd6_nbr.c:640:43: type mismatch: member access within null
pointer of type 'struct in6_ifaddr'
This code works because the ifaddr ia_ifa is the first field of in6_ifaddr.
So the pointers are the same, and one NULL check works for both.
But in ISO C NULL has a type and this is undefined behavior. So
add a second NULL check that the compiler can optimize away. The
resulting assembler is the same.
ok?
bluhm
Index: netinet6/nd6.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sys/netinet6/nd6.c,v
retrieving revision 1.236
diff -u -p -r1.236 nd6.c
--- netinet6/nd6.c 7 Nov 2021 19:38:25 -0000 1.236
+++ netinet6/nd6.c 27 Jan 2022 22:20:06 -0000
@@ -792,6 +792,7 @@ nd6_rtrequest(struct ifnet *ifp, int req
struct sockaddr *gate = rt->rt_gateway;
struct llinfo_nd6 *ln = (struct llinfo_nd6 *)rt->rt_llinfo;
struct ifaddr *ifa;
+ struct in6_ifaddr *ifa6;
if (ISSET(rt->rt_flags, RTF_GATEWAY|RTF_MULTICAST|RTF_MPLS))
return;
@@ -944,8 +945,9 @@ nd6_rtrequest(struct ifnet *ifp, int req
* check if rt_key(rt) is one of my address assigned
* to the interface.
*/
- ifa = &in6ifa_ifpwithaddr(ifp,
- &satosin6(rt_key(rt))->sin6_addr)->ia_ifa;
+ ifa6 = in6ifa_ifpwithaddr(ifp,
+ &satosin6(rt_key(rt))->sin6_addr);
+ ifa = ifa6 ? &ifa6->ia_ifa : NULL;
if (ifa) {
ln->ln_state = ND6_LLINFO_REACHABLE;
ln->ln_byhint = 0;
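Review bot: Nothing at the `ifa = ifa6 ? &ifa6->ia_ifa : NULL;` line records why the lookup is split in two, so a later cleanup could fold it back into `&in6ifa_ifpwithaddr(...)->ia_ifa` and reintroduce the member access on a NULL result. A one-line comment above it, such as `/* in6ifa_ifpwithaddr() may return NULL; check before taking &ia_ifa */`, would guard against that. The same applies to the identical change in nd6_na_input() in nd6_nbr.c, which, going by its mbuf argument, appears to sit on the packet input path. With the explicit check, the following `if (ifa)` also no longer relies on ia_ifa being at offset 0 of struct in6_ifaddr. nd6_rtrequest() begins and ends outside this hunk.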
Index: netinet6/nd6_nbr.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sys/netinet6/nd6_nbr.c,v
retrieving revision 1.130
diff -u -p -r1.130 nd6_nbr.c
--- netinet6/nd6_nbr.c 13 Dec 2021 14:30:16 -0000 1.130
+++ netinet6/nd6_nbr.c 27 Jan 2022 22:20:06 -0000
@@ -568,6 +568,7 @@ nd6_na_input(struct mbuf *m, int off, in
char *lladdr = NULL;
int lladdrlen = 0;
struct ifaddr *ifa;
+ struct in6_ifaddr *ifa6;
struct llinfo_nd6 *ln;
struct rtentry *rt = NULL;
struct sockaddr_dl *sdl;
@@ -637,7 +638,8 @@ nd6_na_input(struct mbuf *m, int off, in
lladdrlen = ndopts.nd_opts_tgt_lladdr->nd_opt_len << 3;
}
- ifa = &in6ifa_ifpwithaddr(ifp, &taddr6)->ia_ifa;
+ ifa6 = in6ifa_ifpwithaddr(ifp, &taddr6);
+ ifa = ifa6 ? &ifa6->ia_ifa : NULL;
/*
* Target address matches one of my interface address.
Index: arch/amd64/conf/GENERIC
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sys/arch/amd64/conf/GENERIC,v
retrieving revision 1.510
diff -u -p -r1.510 GENERIC
--- arch/amd64/conf/GENERIC 4 Jan 2022 05:50:43 -0000 1.510
+++ arch/amd64/conf/GENERIC 27 Jan 2022 22:19:55 -0000
@@ -381,23 +381,23 @@ wsmouse* at pms? mux 0
#mmuagp* at pchb? # amd64 mmu agp.
#agp* at mmuagp?
-inteldrm* at pci? # Intel i915, i945 DRM driver
-intagp* at inteldrm?
-agp* at intagp?
-drm0 at inteldrm? primary 1
-drm* at inteldrm?
-wsdisplay0 at inteldrm? primary 1
-wsdisplay* at inteldrm? mux -1
-radeondrm* at pci? # ATI Radeon DRM driver
-drm0 at radeondrm? primary 1
-drm* at radeondrm?
-wsdisplay0 at radeondrm? primary 1
-wsdisplay* at radeondrm? mux -1
-amdgpu* at pci?
-drm0 at amdgpu? primary 1
-drm* at amdgpu?
-wsdisplay0 at amdgpu? primary 1
-wsdisplay* at amdgpu? mux -1
+#inteldrm* at pci? # Intel i915, i945 DRM driver
+#intagp* at inteldrm?
+#agp* at intagp?
+#drm0 at inteldrm? primary 1
+#drm* at inteldrm?
+#wsdisplay0 at inteldrm? primary 1
+#wsdisplay* at inteldrm? mux -1
+#radeondrm* at pci? # ATI Radeon DRM driver
+#drm0 at radeondrm? primary 1
+#drm* at radeondrm?
+#wsdisplay0 at radeondrm? primary 1
+#wsdisplay* at radeondrm? mux -1
+#amdgpu* at pci?
+#drm0 at amdgpu? primary 1
+#drm* at amdgpu?
+#wsdisplay0 at amdgpu? primary 1
+#wsdisplay* at amdgpu? mux -1
pcppi0 at isa?
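Review bot: The device lines commented out here, and `option KUBSAN` added in arch/amd64/conf/GENERIC.MP, are not mentioned in the description and look like the local setup used to build a sanitizer kernel rather than part of the nd6 fix. Committing them would drop inteldrm, radeondrm and amdgpu from the default amd64 configuration and enable the sanitizer in GENERIC.MP, so both config files should be left out of the commit. If they are kept in the mail so others can reproduce the kubsan reports, a sentence in the description saying so would avoid confusion.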
Index: arch/amd64/conf/GENERIC.MP
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sys/arch/amd64/conf/GENERIC.MP,v
retrieving revision 1.16
diff -u -p -r1.16 GENERIC.MP
--- arch/amd64/conf/GENERIC.MP 9 Feb 2021 14:06:19 -0000 1.16
+++ arch/amd64/conf/GENERIC.MP 27 Jan 2022 22:19:55 -0000
@@ -5,5 +5,6 @@ include "arch/amd64/conf/GENERIC"
option MULTIPROCESSOR
#option MP_LOCKDEBUG
#option WITNESS
+option KUBSAN
cpu* at mainbus?