diff mbox series

ipv6: prevent possible NULL dereference in ndisc_recv_na()

Message ID 20240716021548.339364-1-make24@iscas.ac.cn (mailing list archive)
State Changes Requested
Delegated to: Netdev Maintainers
Headers show
Series ipv6: prevent possible NULL dereference in ndisc_recv_na() | expand

Checks

Context Check Description
netdev/series_format warning Single patches do not need cover letters; Target tree name not specified in the subject
netdev/tree_selection success Guessed tree name to be net-next
netdev/ynl success Generated files up to date; no warnings/errors; no diff in generated;
netdev/fixes_present success Fixes tag not required for -next series
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit fail Errors and warnings before: 816 this patch: 15
netdev/build_tools success No tools touched, skip
netdev/cc_maintainers success CCed 6 of 6 maintainers
netdev/build_clang fail Errors and warnings before: 821 this patch: 16
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/deprecated_api success None detected
netdev/check_selftest success No net selftest shell script
netdev/verify_fixes success Fixes tag looks correct
netdev/build_allmodconfig_warn fail Errors and warnings before: 827 this patch: 15
netdev/checkpatch success total: 0 errors, 0 warnings, 0 checks, 8 lines checked
netdev/build_clang_rust success No Rust files in patch. Skipping build
netdev/kdoc success Errors and warnings before: 0 this patch: 0
netdev/source_inline success Was 0 now: 0

Commit Message

Ma Ke July 16, 2024, 2:15 a.m. UTC 
In ndisc_recv_na(), __in6_dev_get() could return NULL, which is a NULL
pointer dereference. Add a check to prevent bailing out.

Fixes: 7a02bf892d8f ("ipv6: add option to drop unsolicited neighbor advertisements")
Signed-off-by: Ma Ke <make24@iscas.ac.cn>
---
 net/ipv6/ndisc.c | 2 ++
 1 file changed, 2 insertions(+)

Comments

Eric Dumazet July 16, 2024, 2:30 a.m. UTC | #1 
On Mon, Jul 15, 2024 at 7:16 PM Ma Ke <make24@iscas.ac.cn> wrote:
>
> In ndisc_recv_na(), __in6_dev_get() could return NULL, which is a NULL
> pointer dereference. Add a check to prevent bailing out.
>
> Fixes: 7a02bf892d8f ("ipv6: add option to drop unsolicited neighbor advertisements")
> Signed-off-by: Ma Ke <make24@iscas.ac.cn>
> ---
>  net/ipv6/ndisc.c | 2 ++
>  1 file changed, 2 insertions(+)
>
> diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c
> index d914b23256ce..f7cafff3f6a9 100644
> --- a/net/ipv6/ndisc.c
> +++ b/net/ipv6/ndisc.c
> @@ -1000,6 +1000,8 @@ static enum skb_drop_reason ndisc_recv_na(struct sk_buff *skb)
>         struct ndisc_options ndopts;
>         struct net_device *dev = skb->dev;
>         struct inet6_dev *idev = __in6_dev_get(dev);
> +       if (!idev)
> +               return SKP_DROP_REASON_NOT_SPECIFIED;
>         struct inet6_ifaddr *ifp;
>         struct neighbour *neigh;
>         SKB_DR(reason);

Please do not mix code and variables.

Also, idev is correctly tested in the current code, therefore your
patch is not needed.

Thank you.
diff mbox series

Patch

diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c
index d914b23256ce..f7cafff3f6a9 100644
--- a/net/ipv6/ndisc.c
+++ b/net/ipv6/ndisc.c
@@ -1000,6 +1000,8 @@  static enum skb_drop_reason ndisc_recv_na(struct sk_buff *skb)
 	struct ndisc_options ndopts;
 	struct net_device *dev = skb->dev;
 	struct inet6_dev *idev = __in6_dev_get(dev);
+	if (!idev)
+		return SKP_DROP_REASON_NOT_SPECIFIED;
 	struct inet6_ifaddr *ifp;
 	struct neighbour *neigh;
 	SKB_DR(reason);